Analysis

max time kernel: 139s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-12-2024 01:18

Static task: static1

Behavioral task: behavioral1
  Sample: f6a04b5fb90fa9cf4772de2c0725f408_JaffaCakes118.html
  Resource: win7-20240729-en

Behavioral task: behavioral2
  Sample: f6a04b5fb90fa9cf4772de2c0725f408_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General

Target: f6a04b5fb90fa9cf4772de2c0725f408_JaffaCakes118.html
Size: 161KB
MD5: f6a04b5fb90fa9cf4772de2c0725f408
SHA1: 38cf93f751a22dd60d83ee60fa4d73492f013244
SHA256: fa90292cf5f424119e3ed7a0ab3173a420fb5e964f9572865d615ebfed799f49
SHA512: a997acafea8d59b4a2ce8f20a4c54bdf695a60a06cb70813795e3cf24e54526e250337b27ef4198e85db723539304a2c7094184e08f3b5fa4a150a65d8aee5b3
SSDEEP: 1536:iRRTZU/x5r2mMHpLtyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:in2uHpLtyfkMY+BES09JXAnyrZalI+YQ
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              entries
  4884  msedge.exe           2
  1652  msedge.exe           2
  4160  msedge.exe           4
  5100  identity_helper.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process     entries
  1652  msedge.exe  6

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  1652  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  1652  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; the 64 rows collapse to the four distinct parent/child pairs below)
  description                       pid   Process     procid_target
  PID 1652 wrote to memory of 2300  1652  msedge.exe  83
  PID 1652 wrote to memory of 4588  1652  msedge.exe  84
  PID 1652 wrote to memory of 4884  1652  msedge.exe  85
  PID 1652 wrote to memory of 2148  1652  msedge.exe  86
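The WriteProcessMemory table above is the kind of signature that reads as alarming until it is cross-referenced with the process list: every target PID it names (2300, 4588, 4884, 2148) is an msedge.exe child of PID 1652 in the Processes section, which is how a Chromium browser process bootstraps its sandboxed children. The script below is an added example for this report, not Tria.ge code. It parses the flattened row text as the page renders it, collapses repeated rows into counts, and flags any write whose target runs a different image than the writer or is missing from the process list. The six rows embedded in SAMPLE_ROWS are copied from the table above and trimmed to a constructed sample; the PROCESS_IMAGES map is taken from the Processes section; the "different image" rule is a triage heuristic of this example, not a rule the report states.

```python
"""Aggregate a flattened 'Suspicious use of WriteProcessMemory' signature table.

Added example for this report (not Tria.ge code). SAMPLE_ROWS is a constructed
sample of rows copied from the report's table; PROCESS_IMAGES is taken from
the report's Processes section.
"""
import re
from collections import Counter

# One row as the report renders it:
#   "PID <parent> wrote to memory of <child> <pid> <image> <procid_target>"
ROW_RE = re.compile(
    r"PID (?P<parent>\d+) wrote to memory of (?P<child>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<target>\d+)"
)

# Constructed sample: six rows copied from the table above (the real table has 64).
SAMPLE_ROWS = (
    "PID 1652 wrote to memory of 2300 1652 msedge.exe 83 "
    "PID 1652 wrote to memory of 2300 1652 msedge.exe 83 "
    "PID 1652 wrote to memory of 4588 1652 msedge.exe 84 "
    "PID 1652 wrote to memory of 4884 1652 msedge.exe 85 "
    "PID 1652 wrote to memory of 2148 1652 msedge.exe 86 "
    "PID 1652 wrote to memory of 2148 1652 msedge.exe 86"
)

# pid -> image name, from the Processes section of the report.
PROCESS_IMAGES = {
    1652: "msedge.exe",
    2300: "msedge.exe",
    4588: "msedge.exe",
    4884: "msedge.exe",
    2148: "msedge.exe",
}


def parse_rows(text):
    """Return a list of (parent_pid, child_pid, parent_image) tuples."""
    return [
        (int(m["parent"]), int(m["child"]), m["image"])
        for m in ROW_RE.finditer(text)
    ]


def summarize(rows):
    """Collapse repeated rows into {(parent_pid, child_pid): count}."""
    return Counter((parent, child) for parent, child, _ in rows)


def cross_image_writes(rows, images):
    """Heuristic (an assumption of this example, not a report rule): a write
    into a process that runs a different image than the writer, or into a PID
    the process list does not know, deserves a look. A browser process writing
    into its own msedge.exe children is the normal Chromium sandbox bootstrap.
    Returns sorted, de-duplicated (parent_pid, child_pid, child_image) tuples;
    child_image is None when the PID is absent from the process list."""
    flagged = set()
    for parent, child, parent_image in rows:
        child_image = images.get(child)
        if child_image != parent_image:
            flagged.add((parent, child, child_image))
    return sorted(flagged, key=lambda t: (t[0], t[1], t[2] or ""))


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for (parent, child), n in sorted(summarize(rows).items()):
        print(f"{parent} -> {child}: {n} write(s)")
    print("flagged:", cross_image_writes(rows, PROCESS_IMAGES))
```

Run against the sample the script reports four parent/child pairs and flags nothing; swapping one child's image for something that is not msedge.exe (or dropping it from PROCESS_IMAGES) makes that pair show up in the flagged list, which is the case worth opening in a triage queue.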
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f6a04b5fb90fa9cf4772de2c0725f408_JaffaCakes118.html
  PID: 1652
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8983846f8,0x7ff898384708,0x7ff898384718
    PID: 2300

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    PID: 4588

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    PID: 4884
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
    PID: 2148

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
    PID: 1960

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    PID: 1416

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 /prefetch:2
    PID: 4160
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
    PID: 3160

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
    PID: 5100
    - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    PID: 2312

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
    PID: 2088

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
    PID: 1644

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2235899467483036128,9435177454413844687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 1640

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2404

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 428
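The process tree above is more useful than the signature counts for judging what the HTML sample actually reached: each Chromium child announces its role and sandbox policy on its own command line (--type, --utility-sub-type, --service-sandbox-type, --disable-gpu-sandbox). The script below is an added example for this report, not Tria.ge or Microsoft code. It pulls those flags out of the command lines and lists which children run outside a sandbox, so a reviewer can see at a glance that the renderers that parsed the page were sandboxed while the network service, the identity helper and the second GPU process were not. SAMPLE_CMDLINES is a constructed sample: the command lines are copied from the Processes section and trimmed of the field-trial handles and gpu-preferences blobs; the sandbox rule in classify() encodes the usual Chromium process model and is an assumption of this example, not something the report states.

```python
"""Classify Edge/Chromium child processes by their command-line flags.

Added example for this report, not Tria.ge or Microsoft code. SAMPLE_CMDLINES
is a constructed sample copied (trimmed) from the report's Processes section.
"""
import re

# Key/value flags that carry the process role and sandbox policy.
KV_RE = re.compile(r"--(type|utility-sub-type|service-sandbox-type)=(\S+)")
# The quoted executable path at the start of a Chromium command line.
IMAGE_RE = re.compile(r'^"([^"]+)"')

# Constructed sample: pid -> command line, trimmed from the report.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
HELPER = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'
SAMPLE_CMDLINES = {
    1652: EDGE + r" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f6a04b5fb90fa9cf4772de2c0725f408_JaffaCakes118.html",
    2300: EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    4588: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2124 /prefetch:2",
    4884: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3",
    2148: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8",
    1960: EDGE + " --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1",
    4160: EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-driver-version=10.0.19041.546 --mojo-platform-channel-handle=2360 /prefetch:2",
    5100: HELPER + " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8",
}


def image_name(cmdline):
    """Basename of the quoted executable at the start of the command line."""
    m = IMAGE_RE.match(cmdline)
    return m.group(1).rsplit("\\", 1)[-1] if m else None


def classify(cmdline):
    """Return (process_type, sandboxed) for one Chromium-style command line.

    Assumed rule (Chromium process model, not stated by the report): renderers
    are sandboxed; gpu-process is sandboxed unless --disable-gpu-sandbox is
    present; utility processes carry their policy in --service-sandbox-type,
    where 'none' means unsandboxed; the browser process (no --type) and the
    crashpad handler run unsandboxed by design.
    """
    kv = dict(KV_RE.findall(cmdline))
    ptype = kv.get("type", "browser")
    if ptype == "utility":
        ptype = kv.get("utility-sub-type", ptype)
        sandboxed = kv.get("service-sandbox-type", "utility") != "none"
    elif ptype == "gpu-process":
        sandboxed = "--disable-gpu-sandbox" not in cmdline.split()
    elif ptype == "renderer":
        sandboxed = True
    else:
        sandboxed = False
    return ptype, sandboxed


def unsandboxed(cmdlines):
    """PIDs whose command line says they run outside the sandbox, sorted."""
    return sorted(pid for pid, cl in cmdlines.items() if not classify(cl)[1])


if __name__ == "__main__":
    for pid, cl in SAMPLE_CMDLINES.items():
        ptype, sb = classify(cl)
        state = "sandboxed" if sb else "UNSANDBOXED"
        print(f"{pid:>5}  {image_name(cl):<20} {ptype:<42} {state}")
    print("unsandboxed PIDs:", unsandboxed(SAMPLE_CMDLINES))
```

The point of the check is the pairing of role and policy, not any single flag: an unsandboxed network service is how Edge 92 ships on this image, whereas an unsandboxed renderer, or a child whose image is not under the Edge install directory, would be the thing to chase.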
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: 0a9dc42e4013fc47438e96d24beb8eff
SHA1: 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256: 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512: 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Filesize: 152B
MD5: 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1: 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256: ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512: 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Filesize: 6KB
MD5: 7f74af2b6b75d421db962f43de10c007
SHA1: 1b7d3a74396d66daada0a2043e19b54ff6f73bef
SHA256: f73e21f829a54679b3d724f5933116b4891736f4f135cd679d0a66964676be59
SHA512: 74cee9ca81d681b8999207ef0f6cb2d489ddb36753991ee074f33fd37099969158b59c3355cd89af34777f6d8e52b7663458702823771470f6134aec40288cc6

Filesize: 5KB
MD5: d9cd2e56c2158fcbe43b2711ff86e101
SHA1: b93650f885e44034fb2587af0c1748116f0fb752
SHA256: 5ce0def5b247129ffc45cb6029279251acc25a798eb61ff916b48073aee3ac30
SHA512: f6c6618206639feddeac3d89bcc9db2ba21e244e5f08732d3d510f888984e6454cf4689307bc6ea61fe587477477a9ea3ff84ba18fe6a7a04efa12a332e70696

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: aaa12769febf8b70c8dbfb5ac3068c22
SHA1: 2d2b755f082e79d7f30ee5b09e8a2fcf8cf7d785
SHA256: b04e74284a4e50605581085a3a14a1d160d53185b08168fdc91dadb01ffa2b57
SHA512: f4a301cf6433033c302f6c78c093e6e24a5be8d104417ed4edd2f54bde1f9216ebc40da050d6adc25d6bf487bb20da5c9742a1e586ace4ce1d55f7f1f303254e