Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/09/2024, 19:08
Static task: static1
Behavioral task: behavioral1
- Sample: 02db6041b71718d5c960f08bb5f2ca30_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 02db6041b71718d5c960f08bb5f2ca30_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: 02db6041b71718d5c960f08bb5f2ca30_JaffaCakes118.html
- Size: 85KB
- MD5: 02db6041b71718d5c960f08bb5f2ca30
- SHA1: 059448f5fa3d54ecabb9809608104c5ff444b44a
- SHA256: 75359291fac0901aaa2550df2a98c6433f89c28316059400a01cbb83f0f97337
- SHA512: 0e8284b02a6dc8155e285b8159a9b1a4b0d2830cd864694be6d578d06ece76cb6cd04882190bd86a021b4f0687945672c06410655a75f81b7aa0df5fe0f65a9a
- SSDEEP: 1536:U+ipVn1BUNqvLKvr7R/bnVcWCU+So0mjiMpbqqvmznhKv++nPLB1Vi:UBvLKvr7R5GiyuznhKv++nTB1c
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  - PID 936 msedge.exe (2 events), PID 564 msedge.exe (2 events), PID 1604 msedge.exe (4 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  - PID 564 msedge.exe (2 events)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  - PID 564 msedge.exe (all 25 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  - PID 564 msedge.exe (all 24 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  - PID 564 msedge.exe wrote to memory of PID 5100 (procid_target 84), PID 5036 (procid_target 85), PID 936 (procid_target 86) and PID 3152 (procid_target 87); the 64 events are repeated writes into these four child processes
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\02db6041b71718d5c960f08bb5f2ca30_JaffaCakes118.html
  PID: 564
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb91946f8,0x7ffeb9194708,0x7ffeb9194718
    PID: 5100
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8183259289940708788,16188934247412770386,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    PID: 5036
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8183259289940708788,16188934247412770386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    PID: 936
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8183259289940708788,16188934247412770386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    PID: 3152
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8183259289940708788,16188934247412770386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    PID: 428
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8183259289940708788,16188934247412770386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    PID: 1220
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8183259289940708788,16188934247412770386,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5092 /prefetch:2
    PID: 1604
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1860
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1192
Network
MITRE ATT&CK Enterprise v15
Downloads