Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/09/2024, 08:27
Static task: static1
Behavioral task: behavioral1
  Sample: de0d5bef3dd8fbf4829d1584173eb26a_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: de0d5bef3dd8fbf4829d1584173eb26a_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: de0d5bef3dd8fbf4829d1584173eb26a_JaffaCakes118.html
Size: 137KB
MD5: de0d5bef3dd8fbf4829d1584173eb26a
SHA1: 9865bcdcde59da1625327c475ae04fefcccfee14
SHA256: 8c2fd035bf6bd4c34c21062b9271d760dc8d6bc99c581ccf4ec21ddb67eb8419
SHA512: d796aaffe16ece0dd1de9ea62c29c8ede8e23b6e13ee414538b4fe67f73e6ece3050552037718de744ee6bca309a1992cff660ac7a077e3d905f297dc02956c9
SSDEEP: 1536:D5N2TctXG1L4rBgfdgQ8KJGMwtk151UtP7WMl9zJOEVT/Y846F07Ghgi0A:D5N2TKGKQGQ8KJ5wtk1wteMLL5F
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 4940 msedge.exe (2 entries), PID 2284 msedge.exe (2 entries), PID 5032 identity_helper.exe (2 entries), PID 4912 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  PID 2284 msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 2284 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 2284 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs, all from PID 2284 msedge.exe)
  PID 2284 wrote to memory of PID 4760 (procid_target 83): 2 entries
  PID 2284 wrote to memory of PID 4940 (procid_target 85): 2 entries
  PID 2284 wrote to memory of PID 1352 (procid_target 84) and PID 1264 (procid_target 86): the remaining 60 entries
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2284)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\de0d5bef3dd8fbf4829d1584173eb26a_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4760)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffc28ee46f8,0x7ffc28ee4708,0x7ffc28ee4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1352)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1264)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3224)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2984)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2508)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2792)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4912)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,3543185747414811454,16768312485944888621,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1208)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 744)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
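Every signature above fires on msedge.exe or identity_helper.exe, and each one matches what Chromium does at startup. The browser process (PID 2284) creates its children suspended and writes into them before resuming them, so the four WriteProcessMemory targets are exactly the crashpad handler (4760), the GPU process (1352), the network service (4940) and the storage service (1264); it launches those children with the block-non-Microsoft-binaries mitigation (the NtCreateUserProcessBlockNonMicrosoftBinary entries), which is a hardening measure, not an evasion; the FindShellTrayWindow and SendNotifyMessage calls are ordinary shell-integration calls from the browser UI. The BIOS SystemManufacturer/SystemProductName reads are the same keys that VM-detection code queries, so that signature deserves a second look whenever the reading process is not a browser; here it is the browser. The two CompPkgSrv.exe entries at the top level are separate COM server activations (-Embedding), not children of Edge.

The checker below is an added example for reading this report; it is not part of the sandbox's tooling or of Edge. It encodes the test an analyst applies to such a tree: every image under the Edge install directory, every child carrying a known Chromium --type (and, for utilities, a known sub-type), only the browser process spawning children, and one --field-trial-handle token shared by all children. The process records are taken from the Processes section, with parent PIDs from the tree nesting and command lines trimmed to the switches the checker reads; the final powershell.exe record is constructed for contrast and does not appear in the report. EDGE_DIR, KNOWN_TYPES and KNOWN_UTILITIES are assumptions tuned to this Edge 92 tree, not an exhaustive list.

```python
"""Decide whether a sandbox process tree is nothing more than Edge starting up.

Added example for reading this report; not part of the sandbox or of Edge.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumptions tuned to the Edge 92 tree in this report.
EDGE_DIR = r"c:\program files (x86)\microsoft\edge\application"
KNOWN_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}
KNOWN_UTILITIES = {
    "network.mojom.NetworkService",
    "storage.mojom.StorageService",
    "winrt_app_id.mojom.WinrtAppIdService",
}


@dataclass
class Proc:
    pid: int
    ppid: int      # 0 = no parent inside the tree (a root)
    image: str
    cmdline: str


def switch(cmdline: str, name: str) -> Optional[str]:
    """Value of a --name=value switch on a Chromium command line, else None."""
    m = re.search(r"--" + re.escape(name) + r'=([^\s"]+)', cmdline)
    return m.group(1) if m else None


def triage(procs: List[Proc]) -> List[str]:
    """Return deviations from a plain Edge tree; an empty list means none."""
    by_pid = {p.pid: p for p in procs}
    findings: List[str] = []
    trial_handles = set()
    for p in procs:
        if not p.image.lower().startswith(EDGE_DIR):
            findings.append(f"{p.pid}: image outside Edge directory: {p.image}")
        ptype = switch(p.cmdline, "type")
        parent = by_pid.get(p.ppid)
        if parent is None:
            # The browser (broker) process is the only one without --type.
            if ptype is not None:
                findings.append(f"{p.pid}: root process carries --type={ptype}")
            continue
        if ptype not in KNOWN_TYPES:
            findings.append(f"{p.pid}: unexpected child type {ptype!r}")
        if ptype == "utility":
            sub = switch(p.cmdline, "utility-sub-type")
            if sub not in KNOWN_UTILITIES:
                findings.append(f"{p.pid}: unexpected utility sub-type {sub!r}")
        if switch(parent.cmdline, "type") is not None:
            # Renderer, GPU and utility processes are sandboxed and launch
            # nothing; a child of a child is the shape of a sandbox escape.
            findings.append(f"{p.pid}: spawned by non-browser process {parent.pid}")
        handle = switch(p.cmdline, "field-trial-handle")
        if handle is not None:
            trial_handles.add(handle)
    if len(trial_handles) > 1:
        findings.append(f"{len(trial_handles)} distinct --field-trial-handle tokens")
    return findings


# Records from the report (pid, parent pid, image, trimmed command line).
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\de0d5bef3dd8fbf4829d1584173eb26a_JaffaCakes118.html"
TRIAL = "--field-trial-handle=1996,3543185747414811454,16768312485944888621,131072"
REPORT = [
    Proc(2284, 0, EDGE, f'"{EDGE}" --single-argument {SAMPLE}'),
    Proc(4760, 2284, EDGE, f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    Proc(1352, 2284, EDGE, f'"{EDGE}" --type=gpu-process {TRIAL} /prefetch:2'),
    Proc(4940, 2284, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService {TRIAL} --service-sandbox-type=none /prefetch:3'),
    Proc(1264, 2284, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService {TRIAL} --service-sandbox-type=utility /prefetch:8'),
    Proc(3224, 2284, EDGE, f'"{EDGE}" --type=renderer {TRIAL} --renderer-client-id=6 /prefetch:1'),
    Proc(5032, 2284, HELPER, f'"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService {TRIAL} --service-sandbox-type=none /prefetch:8'),
    Proc(4912, 2284, EDGE, f'"{EDGE}" --type=gpu-process {TRIAL} --disable-gpu-sandbox --use-gl=disabled /prefetch:2'),
]

# Constructed record, NOT in the report: a renderer launching a shell.
INJECTED = REPORT + [
    Proc(6100, 3224, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden'),
]

if __name__ == "__main__":
    print("report:", triage(REPORT) or "no deviation from Edge startup")
    print("injected:", triage(INJECTED))
```

For the report's tree the checker returns nothing; for the constructed record it returns three findings (image outside the Edge directory, no recognised --type, spawned by a renderer). What it cannot tell you is what the HTML did inside the renderers: this page carries no network traffic and gives no names for the ten cached files under Downloads, so the verdict is "no process-level deviation", not "benign".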
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 53bc70ecb115bdbabe67620c416fe9b3
  SHA1: af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
  SHA256: b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
  SHA512: cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921
- Filesize: 152B
  MD5: e765f3d75e6b0e4a7119c8b14d47d8da
  SHA1: cc9f7c7826c2e1a129e7d98884926076c3714fc0
  SHA256: 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
  SHA512: a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
- Filesize: 421B
  MD5: b03ebadf451552426e48dec56e5d1b2b
  SHA1: 453d0f9778f11138b21df4ff9870fe56cc7006c9
  SHA256: 55c9059e0d6af0924f85111f92a4533421f61ed52cf41d4ee36911530d2bf8f3
  SHA512: acfd6926362af4d8f334cc3305e4246ba6604976d60e2e0caa08b62d383a175283349b7b570aaacc9368bad33069fafb57c3df77abde834533bf0aecd93519fb
- Filesize: 5KB
  MD5: f625f0ef42cbb50ea0125441d1e9537a
  SHA1: 771d846849c4d55d6070c944cd7e12e2f6657a58
  SHA256: 0c55aae32079de9f5e589319421014b753c0f8572ba63747d432ac8ed6892a51
  SHA512: 52de3a5a829f45365cbf63860a96f7ae82b3cfbf394beaa4f4a485845373e4be2a18fb9d8a76197e6024e646f1d11f349c580543891fc0f9f658c7f254576ffe
- Filesize: 6KB
  MD5: caae7cf1746be950e265231c320e56b4
  SHA1: 2d8ca8129a8da9b89525fe79a3e75cdd6e02ee10
  SHA256: 3e3e83a93fe570ad05e2f7bc09efed1e606170ba02ca5f8ab887a62a93b901c6
  SHA512: 2df43546ab5f82a1d6d8e340aa327b2a325d0327de4c0cab1f86c6204f52b7cb3ee2da95dba664b18a4d91d89237c8402cb6808364962991a767761bc756c487
- Filesize: 6KB
  MD5: f0e1a3f10a79a76996f1041c5f195da8
  SHA1: d93cce0ccb596c7ffce62520d28a193a11068991
  SHA256: 6ee5a6ab34488a846284e68aa6773d2d5e177ee51062db3063529bb1b5e5cdf1
  SHA512: 561aa842833190faac1a140f89b66ebd0f134b31341931e3b3c42b69a8492508758495efb2c2105d1d563ecf7a52d5df8e80651346a422b52f842b08bcd91321
- Filesize: 540B
  MD5: 9648bc0632879e819234a04ecbc17aa3
  SHA1: ad4a699cc30a8ddaf01ab93058b2f4aaaf9f20eb
  SHA256: e94e5f23af07ae6b3925d2ff25b56ddfa40ee4e5d143f0cbe632cb5f54875e00
  SHA512: 47163f70938187d2e2998b0c430b8e6019bbb2a47071147d331b1ee67d3d81856292ec79d73b5b578159b5226ac4025825c23842ec827667838bc8b22ffaacdf
- Filesize: 204B
  MD5: 4c31ef7f5b421ff53f8243cc03a816ee
  SHA1: c04c3917fb1b7b500999a7ff89578f55ff25b4e5
  SHA256: 074361fa631603ec9e1b871a8299c16877e55c816eaa2d8a55685c66148e4477
  SHA512: 469556f4a19b19bea7f579bb018866448f8cde51f4931d066ee13fecac60de45cc7831535608d21c4726d7067ddb8dc7d489a7d0b2b72a0f11cd8711da7e47af
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 35c15472818ac0dda662b2864b01c3ab
  SHA1: 0ef3e5e75ecd6f85f884c48ea6d498dcae9abbd4
  SHA256: 8599a4e7f1800b4775386da665f3d5de55ee4b101ae6975ff756d9ac781dd1de
  SHA512: 3fe687e6e9653c2ce1077d5fd90a8f3e66408e808abf82c7422ac0a779534183377b4165af6946ef4a05fff3e86bde1cfea31b73fe7e1f9c564c7bc63d498e58