Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/09/2024, 12:35
- Static task: static1
- Behavioral task: behavioral1
  Sample: fe89b57ad149fbcdcb7bca80d2e48cce_JaffaCakes118.html
  Resource: win7-20240903-en
- Behavioral task: behavioral2
  Sample: fe89b57ad149fbcdcb7bca80d2e48cce_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
- Target: fe89b57ad149fbcdcb7bca80d2e48cce_JaffaCakes118.html
- Size: 36KB
- MD5: fe89b57ad149fbcdcb7bca80d2e48cce
- SHA1: 49341f51b4474a2bb6e93ab6e978b5b25ce48e70
- SHA256: 8ff4eb4791c2f5008f65f37678cb8dcfadecc88a33a6fe76fe7e645b8c0b084c
- SHA512: ec27d64b26e8e3df492e1fb7911cd0ed90eed399e2bd843d701c9d19bbfd0a1802e164ba21ecdfbc046673758e0be6e476fd85a913018716964cafc129e3c411
- SSDEEP: 768:zwx/MDTHxp88hARLZPX6E1XnXrFLxNLlDNoPqkPTHlnkM3Gr6Tsdi6f9U56lLRcy:Q/TbJxNVpufS6/s8NK
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  4400 | msedge.exe (2 entries)
  3168 | msedge.exe (2 entries)
  2992 | identity_helper.exe (2 entries)
  3448 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid | Process
  3168 | msedge.exe (6 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3168 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3168 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; 64 events in total, listed here as distinct rows)
  description | pid | Process | procid_target
  PID 3168 wrote to memory of 3668 | 3168 | msedge.exe | 81
  PID 3168 wrote to memory of 996 | 3168 | msedge.exe | 82
  PID 3168 wrote to memory of 4400 | 3168 | msedge.exe | 83
  PID 3168 wrote to memory of 4936 | 3168 | msedge.exe | 84
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3168)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe89b57ad149fbcdcb7bca80d2e48cce_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2ffd46f8,0x7ffd2ffd4708,0x7ffd2ffd4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 996)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2276)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3444)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4344)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1520)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,7913987108825545807,2039938213965120116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 776)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3004)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads