Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18-12-2024 04:33

Static task: static1
Behavioral task: behavioral1
- Sample: fa1be5a027b8d5c5af71aa406067157d_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: fa1be5a027b8d5c5af71aa406067157d_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: fa1be5a027b8d5c5af71aa406067157d_JaffaCakes118.html
- Size: 160KB
- MD5: fa1be5a027b8d5c5af71aa406067157d
- SHA1: c0e6fb68f8f64014db7e89d7b852c7c7ae1e415f
- SHA256: 3792ec633b9867ad18d192723403584bc474766996dd2ec9bc7d49f870830655
- SHA512: c3df94da69af2862f8e6a620bf75a7e7984de34cf079d91137a093ef84c1ed82035f82f324075aaa5f88c77104089ddf72ac1a8f30e96c8f6e3b951d0c86b347
- SSDEEP: 3072:i6k208TAqjyfkMY+BES09JXAnyrZalI+YQ:i/8TAqGsMYod+X3oI+YQ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  4052 | msedge.exe (2 entries)
  640 | msedge.exe (2 entries)
  1008 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  640 | msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  640 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  640 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 640 wrote to memory of 3672 | 640 | msedge.exe | 82
  PID 640 wrote to memory of 1708 | 640 | msedge.exe | 83
  PID 640 wrote to memory of 4052 | 640 | msedge.exe | 84
  PID 640 wrote to memory of 740 | 640 | msedge.exe | 85
  (each row is repeated in the report; 64 entries in total)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 640)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fa1be5a027b8d5c5af71aa406067157d_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe, --type=crashpad-handler (PID 3672)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84ce646f8,0x7ff84ce64708,0x7ff84ce64718
  - msedge.exe, --type=gpu-process (PID 1708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10330506226411241632,14524455893056004394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  - msedge.exe, --type=utility, network.mojom.NetworkService (PID 4052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,10330506226411241632,14524455893056004394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe, --type=utility, storage.mojom.StorageService (PID 740)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,10330506226411241632,14524455893056004394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  - msedge.exe, --type=renderer (PID 5032)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10330506226411241632,14524455893056004394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  - msedge.exe, --type=renderer (PID 3488)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,10330506226411241632,14524455893056004394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - msedge.exe, --type=gpu-process (PID 1008)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10330506226411241632,14524455893056004394,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 4128)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4736)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 56a4f78e21616a6e19da57228569489b
  SHA1: 21bfabbfc294d5f2aa1da825c5590d760483bc76
  SHA256: d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
  SHA512: c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b
- Filesize: 152B
  MD5: e443ee4336fcf13c698b8ab5f3c173d0
  SHA1: 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
  SHA256: 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
  SHA512: cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd
- Filesize: 5KB
  MD5: 2e19175466943ab6319c8807d418c6b0
  SHA1: 9e2882ec74d481a63425a7429d999c09e0c09fc2
  SHA256: 19530d9cd3ba6d7c5f1e61f26619acbf83a5d52b34594a20c70b6ff5c2acc82a
  SHA512: c523b03893481e49cf8833973f8f8a5a413e893983ece562152db161a807234e653b477c423f6e152ed5e39c1bebb0d3df329e20b1deb07fc65a5427d8c72a34
- Filesize: 6KB
  MD5: ee569b923b260e4de95c58cfcb9fc171
  SHA1: a28eb83065c8a23cadec48645d6497eb8e50ca6a
  SHA256: deb369cc2d2c03c1c7b7fca3f97a23691ae8e4ea781527da0458edffbe58a1bd
  SHA512: d730e14d070dd256264131e0ea522cc6218b11d29ca68936c86f8145bb93be7addd948d549b11630b0d851ff9d36bf5ebf42d9e7a075906fc9f87b3b5f8d96f0
- Filesize: 10KB
  MD5: ccc387571bf6f359a00a779a7c92ef0c
  SHA1: 518141183c6621a11e83885d657ff9a122e83324
  SHA256: 84083a5ddb5be424483326f3fb700815d38ec5b0ca83a122e4a9ef28b361b363
  SHA512: 3520ed4f5f72aea4a3dd28e41695340f6e7883fd134eab2ae59f5d7a6fd765129a9f2044273b7cb5ea5fcc2dbc82453551e293e813b074fbd3a7536e7ed3efaf