Analysis
max time kernel: 148s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-09-2024 13:56

Static task: static1
Behavioral task: behavioral1
  Sample: f6288f3dcba5a7aa036c1ba60bf0e573_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: f6288f3dcba5a7aa036c1ba60bf0e573_JaffaCakes118.html
  Resource: win10v2004-20240802-en

General
Target: f6288f3dcba5a7aa036c1ba60bf0e573_JaffaCakes118.html
Size: 42KB
MD5: f6288f3dcba5a7aa036c1ba60bf0e573
SHA1: c4aea913b46d72b0c32eb037070397ed45c1e774
SHA256: dceadfc85368ded74538e844bed5e528bb77109c78c3f2cdb24255109eee336a
SHA512: 84884a33193687ae43c93fdd55fbcb77b346c78dd5b45ce5fdef8cfacf729f47f130da793f4fc5967b1c6ccfad2e3dcfc2ece68a73e5eb01cd0cd80054e64a6c
SSDEEP: 768:OtjSkEQo/TNnlqjIgP0kNwCw7BrrKBPkAn1aRdjXKYXQf/Bb/XJ8xY/Un:OtjBEQo/TNQjIgskNw97BrrQkg/Bb/XS
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                      Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  2684   msedge.exe
  2684   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  992    identity_helper.exe
  992    identity_helper.exe
  3500   msedge.exe
  3500   msedge.exe
  3500   msedge.exe
  3500   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  pid    Process
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
  2536   msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2536)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f6288f3dcba5a7aa036c1ba60bf0e573_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4504)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a02a46f8,0x7ff9a02a4708,0x7ff9a02a4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4024)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2684)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2600)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2788)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3120)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3208)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,465820492846947824,7314995972593885202,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 844)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2508)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads