Analysis
max time kernel: 145s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/10/2024, 07:33
Static task: static1
Behavioral task: behavioral1
  Sample: 2d471801f572c813180d2f4caabb1a29_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2d471801f572c813180d2f4caabb1a29_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 2d471801f572c813180d2f4caabb1a29_JaffaCakes118.html
Size: 4KB
MD5: 2d471801f572c813180d2f4caabb1a29
SHA1: 5b7ad57eeccd0a492cbcd95a715a56080a5d85bd
SHA256: 78392b00a9a704c8761e27cae72a9fe46729a70ce2e5b802928b02fb3a46bae5
SHA512: 0f69546a9e5f68774db22eb5c990013cab5607d4430d8bad54c359a3f68fa78d2b2c73c7f790501c7c6603bc76a2446964f6590ebb8e8b315c485c893275a00f
SSDEEP: 96:x4C+tFO5JANLdCOo1NUX+4KC+bt4IiIqp7mk5NsW3C7rQvs8reGmHJ:aGP1X4WbKg67mkH/SkvTmp
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process              count
  1860   msedge.exe           2
  2376   msedge.exe           2
  412    identity_helper.exe  2
  2768   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid    Process      count
  2376   msedge.exe   6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process      count
  2376   msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process      count
  2376   msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
  description                        pid    Process      procid_target
  PID 2376 wrote to memory of 2100   2376   msedge.exe   83
  PID 2376 wrote to memory of 3288   2376   msedge.exe   84
  PID 2376 wrote to memory of 1860   2376   msedge.exe   85
  PID 2376 wrote to memory of 2896   2376   msedge.exe   86
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2376)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d471801f572c813180d2f4caabb1a29_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61d946f8,0x7fff61d94708,0x7fff61d94718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3288)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2896)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2740)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5024)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3248)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 412)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 372)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1220)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1824)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4976)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2768)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13196025084601813804,10453028575008488120,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 1228)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4516)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads