Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09-09-2024 18:08
- Static task static1
- Behavioral task behavioral1: sample d6d80a5ef6c0e6f7597b747645beeabe_JaffaCakes118.html, resource win7-20240903-en
- Behavioral task behavioral2: sample d6d80a5ef6c0e6f7597b747645beeabe_JaffaCakes118.html, resource win10v2004-20240802-en
General
- Target: d6d80a5ef6c0e6f7597b747645beeabe_JaffaCakes118.html
- Size: 28KB
- MD5: d6d80a5ef6c0e6f7597b747645beeabe
- SHA1: 86c5e1c927fb9783b7e8410758dd2121380d8203
- SHA256: 2f3a53372ec0fb694ee7260f3062f0a8adfe7f4c6eea59fe7e76c9ea560fcf1d
- SHA512: 583606b2bc9fbcb4c70ea76e5fc72d805ee309903ebd7ce0791566d1ae69fd7f2c8866be188de841dd80d3643a60d3804be2b5219ad7a83ed535f8dbbbd32187
- SSDEEP: 768:Zcd9QZBC7mOdM87pC5I9nC4WwGwbwCcPd:gQZBCCOdf0IxCJwGwbwCcPd
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1824)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d6d80a5ef6c0e6f7597b747645beeabe_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4276)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff9e8b446f8,0x7ff9e8b44708,0x7ff9e8b44718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2332)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2616)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1188)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3768)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1728)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 680)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 60)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2272)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,11169430919723710321,1696718096502656521,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4772)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1488)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads