Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-09-2024 22:31

Static task: static1

Behavioral task: behavioral1
- Sample: f6fbc5cfd21b8cf851f90892549bc19c_JaffaCakes118.html
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: f6fbc5cfd21b8cf851f90892549bc19c_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: f6fbc5cfd21b8cf851f90892549bc19c_JaffaCakes118.html
- Size: 70KB
- MD5: f6fbc5cfd21b8cf851f90892549bc19c
- SHA1: 6bec4dff643286049ab30d1db97f6586abfdcfea
- SHA256: 5f9d1e3c1e72db8aa30e8f10d6071fe9b94c3a99f3e60a8f8712fc98f60a3f4b
- SHA512: 3f7bc54abb5e9bcb939d2e44fcd44db28b29fb865feb5084f3d6dcdc2cc2d74f7edac62e617a67a72a946227f502a70258007c119dd4a93a1841cd9c585f237b
- SSDEEP: 768:JirgcMWR3sI2PDDnd0g6BJMZe9oTye1wCZkoTyMdtbBnfBgN8/lboiGhcRoQFVGN:Jbu6eaTvNen0tbrga90hcJNnspv
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Suspicious behavior: EnumeratesProcesses 10 IoCs
- PID 4668 msedge.exe
- PID 4668 msedge.exe
- PID 4076 msedge.exe
- PID 4076 msedge.exe
- PID 5028 identity_helper.exe
- PID 5028 identity_helper.exe
- PID 1008 msedge.exe
- PID 1008 msedge.exe
- PID 1008 msedge.exe
- PID 1008 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- PID 4076: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f6fbc5cfd21b8cf851f90892549bc19c_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - PID 968: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93cf746f8,0x7ff93cf74708,0x7ff93cf74718
  - PID 1648: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  - PID 4668: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - PID 3844: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  - PID 2592: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - PID 4352: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - PID 1048: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
  - PID 5028: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - PID 3348: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  - PID 2776: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  - PID 4948: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  - PID 2468: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  - PID 1008: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17524186069588117889,10425032274173914646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- PID 2528: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3576: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads