Analysis
-
max time kernel
145s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
07-09-2024 19:16
Static task
static1
Behavioral task
behavioral1
Sample
d2a7ea5f7daa1f2008dae4dfae212768_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d2a7ea5f7daa1f2008dae4dfae212768_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
d2a7ea5f7daa1f2008dae4dfae212768_JaffaCakes118.html
-
Size
67KB
-
MD5
d2a7ea5f7daa1f2008dae4dfae212768
-
SHA1
0ea064b2c711576516b98cac049c83e41e32029d
-
SHA256
093801892f26038e8c7adb96e8330510d61237826d8d126de4039e863dade302
-
SHA512
89796ef9922dc6b4a5f7bdba71573185404399d738031df601ade86b4e79481e1c7354175eb0d08205675584b0654545d4cfb0e31e9ccc72b5cb1eea52267c42
-
SSDEEP
768:JiegcMiR3sI2PDDnX0g6sTltsoTyS1wCZkofyMdtbBnfBgN8/lboi2hcpQFVG8sM:JaLhTzNeD0tbrga94hcuNnQC
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 1056 msedge.exe 1056 msedge.exe 3604 msedge.exe 3604 msedge.exe 4324 identity_helper.exe 4324 identity_helper.exe 1880 msedge.exe 1880 msedge.exe 1880 msedge.exe 1880 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe 3604 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3604 wrote to memory of 432 3604 msedge.exe 85 PID 3604 wrote to memory of 432 3604 msedge.exe 85 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1344 3604 msedge.exe 86 PID 3604 wrote to memory of 1056 3604 msedge.exe 87 PID 3604 wrote to memory of 1056 3604 msedge.exe 87 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88 PID 3604 wrote to memory of 1812 3604 msedge.exe 88
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d2a7ea5f7daa1f2008dae4dfae212768_JaffaCakes118.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3604 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad63c46f8,0x7ffad63c4708,0x7ffad63c47182⤵PID:432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:22⤵PID:1344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:82⤵PID:1812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵PID:2640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:82⤵PID:3976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2368 /prefetch:12⤵PID:3644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵PID:1204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵PID:2000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵PID:4508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,2870636234976041158,5453641647502114836,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1880
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1040
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4812
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ab8ce148cb7d44f709fb1c460d03e1b0
SHA144d15744015155f3e74580c93317e12d2cc0f859
SHA256014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff
SHA512f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4
-
Filesize
152B
MD538f59a47b777f2fc52088e96ffb2baaf
SHA1267224482588b41a96d813f6d9e9d924867062db
SHA25613569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
SHA5124657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b
-
Filesize
6KB
MD53ccc5168bf473aea5b5a04497b935a70
SHA1fab03d7516f42dd8990030d16a91180ad5669130
SHA25629278fe1de251c8bb8f74c2575ad462f85ddb248dc4afce642c1a45ed00e41e4
SHA512b83e8a58026539da87c5ea65f304088f24839c250edf3e0cc541063203100158b65799d1b0aa2e5c07cface80c78e654333742c3a29e5a640ecef07a7526e768
-
Filesize
6KB
MD5a7f7f0c83762f8ffa9c615abb4d89931
SHA1077af815759f14a24fffb7f6eb35827a0c67f86d
SHA25692799c4f9abaeced07176dadd7decbc7e7116d12f47a136e6778e770fa02e19b
SHA5128dbf80361c7a1f43cee4b1e3ffa19a46a100d113ad68ef81ce4f3466edfc5da8c8cb9d59789f0dfa35280f2e8729dbb9ce264b1980a38586c3b5c981591a50a9
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5d52cd9c1d016b51e803174c57d50dfdc
SHA1a264082c01cb8184b9f55bc9a07fb5decd59a8e2
SHA256f1752f14dca5ef0802f94d254cec560dee48c1b487f8103f8188f8d7b1d1fb76
SHA512f18f3f39a7719c8d411d637ea68698dfb3894f23d4b0645f0e7be08483c384d42b428d8dba6cbe6074d7e4d58c7a12b6339952f047572a00c7f3430820ebfe52