Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-12-2024 01:17
Behavioral task: behavioral1
Sample: f69f98c63f7e00fe725282708951d9c9_JaffaCakes118.html
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f69f98c63f7e00fe725282708951d9c9_JaffaCakes118.html
Resource: win10v2004-20241007-en
General
Target: f69f98c63f7e00fe725282708951d9c9_JaffaCakes118.html
Size: 129KB
MD5: f69f98c63f7e00fe725282708951d9c9
SHA1: c1509e9f413e3a7a11293cb628eaf8faf47fad29
SHA256: 13008117f9b30b75c38121386064cdb1cfa6ca5659576b620a2a14353cb2a810
SHA512: 6a759ca3da32e71da5af4833882ba44c8976ace81b2fa59ff253220f11254cf5ea50bf7074ca89f9aa965f23501c6db7dc3503ee33403027d7e1e189ab584fc0
SSDEEP: 1536:SyWsHIDIcul6EyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:SRIXyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid   Process     events
2392  msedge.exe  2
3088  msedge.exe  2
512   msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process     events
3088  msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process     events
3088  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process     events
3088  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
Distinct rows; the report records 64 individual writes, all from PID 3088 into these four target processes:
description                       pid   Process     procid_target
PID 3088 wrote to memory of 2152  3088  msedge.exe  83
PID 3088 wrote to memory of 4080  3088  msedge.exe  84
PID 3088 wrote to memory of 2392  3088  msedge.exe  85
PID 3088 wrote to memory of 2160  3088  msedge.exe  86
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3088)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\f69f98c63f7e00fe725282708951d9c9_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2152)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8736146f8,0x7ff873614708,0x7ff873614718

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4080)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16976542514997964799,1255093864018534431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2392)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16976542514997964799,1255093864018534431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2160)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16976542514997964799,1255093864018534431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3348)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16976542514997964799,1255093864018534431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3940)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16976542514997964799,1255093864018534431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 512)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16976542514997964799,1255093864018534431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2884)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 320)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads