Analysis
-
max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted
03-06-2024 13:06
Static task
static1
Behavioral task
behavioral1
Sample
91e3ccc6e2f9174adca98e38261de459_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
91e3ccc6e2f9174adca98e38261de459_JaffaCakes118.html
Resource
win10v2004-20240508-en
General
-
Target
91e3ccc6e2f9174adca98e38261de459_JaffaCakes118.html
-
Size
21KB
-
MD5
91e3ccc6e2f9174adca98e38261de459
-
SHA1
de38ed1372d664f43b6b7d777780509402cedd70
-
SHA256
65146d01abac46658ea600b1a625f6547363a8e6088d8213846e715383b31536
-
SHA512
e8fabc4a0a36481e8fa357b2283d8799087639bb04b8465e49043f3a70a7358b325efe46d1fef097e563990f81a6175bde358366bbf87feb97467e21ec804a5a
-
SSDEEP
192:SIM3t0I5fo9cOQivXQWxZxdkVSoAI3tETPETJmtET8mtETgtETPETJmtET8mtETK:SIMd0I5nO9HpsvlkxDB8
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid | Process
3440 | msedge.exe (2 entries)
3644 | msedge.exe (2 entries)
1324 | msedge.exe (4 entries)
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid | Process
3644 | msedge.exe (2 entries)
-
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
3644 | msedge.exe (25 entries)
-
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
3644 | msedge.exe (24 entries)
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 3644 wrote to memory of 3484 | 3644 | msedge.exe | 84 (2 entries)
PID 3644 wrote to memory of 3232 | 3644 | msedge.exe | 85 (repeated)
PID 3644 wrote to memory of 3440 | 3644 | msedge.exe | 86 (2 entries)
PID 3644 wrote to memory of 1560 | 3644 | msedge.exe | 87 (repeated)
The 3232 and 1560 rows account for the remaining 60 of the 64 entries; every write originates from the msedge.exe broker (PID 3644) and targets one of its own child processes.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e3ccc6e2f9174adca98e38261de459_JaffaCakes118.html
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3644
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, child of PID 3644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa37e46f8,0x7ffaa37e4708,0x7ffaa37e4718
    PID:3484
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, child of PID 3644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2401770378683495508,6595674049091334649,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    PID:3232
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, child of PID 3644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2401770378683495508,6595674049091334649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:3440
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, child of PID 3644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2401770378683495508,6595674049091334649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    PID:1560
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, child of PID 3644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2401770378683495508,6595674049091334649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    PID:3272
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, child of PID 3644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2401770378683495508,6595674049091334649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    PID:4556
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, child of PID 3644)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2401770378683495508,6595674049091334649,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:1324
-
C:\Windows\System32\CompPkgSrv.exe (depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4780
-
C:\Windows\System32\CompPkgSrv.exe (depth 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1400
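A triage check for the process tree and the WriteProcessMemory signature above, written as an added example; it is not part of the sandbox report or its tooling. The process records are transcribed from the tree (command lines abbreviated to the switches the check needs, parent PIDs inferred from tree depth) and the WriteProcessMemory tuples are the four distinct source/target pairs from the signature table. The check groups the Edge processes by Chromium `--type` and verifies that every memory write goes from the browser broker to a child it spawned itself, which is ordinary multi-process browser startup rather than injection into a foreign process. It also lists utility processes started with `--service-sandbox-type=none`, so that a reviewer sees that the unsandboxed network service is how this Edge 92 build runs and not something the HTML sample caused.

```python
"""Triage helper for the Edge process tree and WriteProcessMemory signature
in the report above. Example code, not part of the sandbox report."""
import re
from collections import Counter

BROKER_PID = 3644

# Transcribed (abbreviated) from the process tree:
# (pid, parent pid or None, image name, relevant command-line switches).
# Parent PIDs are inferred from tree depth; CompPkgSrv.exe has no parent shown.
PROCESSES = [
    (3644, None, "msedge.exe", "--single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\91e3ccc6e2f9174adca98e38261de459_JaffaCakes118.html"),
    (3484, 3644, "msedge.exe", "--type=crashpad-handler --monitor-self-annotation=ptype=crashpad-handler"),
    (3232, 3644, "msedge.exe", "--type=gpu-process --mojo-platform-channel-handle=2100"),
    (3440, 3644, "msedge.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    (1560, 3644, "msedge.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    (3272, 3644, "msedge.exe", "--type=renderer --renderer-client-id=6"),
    (4556, 3644, "msedge.exe", "--type=renderer --renderer-client-id=5"),
    (1324, 3644, "msedge.exe", "--type=gpu-process --disable-gpu-sandbox --use-gl=disabled"),
    (4780, None, "CompPkgSrv.exe", "-Embedding"),
    (1400, None, "CompPkgSrv.exe", "-Embedding"),
]

# Distinct (source pid, target pid, procid_target) tuples from the
# "Suspicious use of WriteProcessMemory" table; the report repeats each many times.
WPM_EVENTS = [(3644, 3484, 84), (3644, 3232, 85), (3644, 3440, 86), (3644, 1560, 87)]

# Matches Chromium-style switches: --key or --key=value (value runs to whitespace).
SWITCH = re.compile(r"--([a-z0-9-]+)(?:=(\S+))?")


def switches(cmdline):
    """Parse '--key=value' / '--key' switches into a dict (bare switches map to '')."""
    return dict(SWITCH.findall(cmdline))


def chromium_role(cmdline):
    """Chromium child processes carry --type=...; the broker (browser process) has none."""
    return switches(cmdline).get("type", "browser")


def role_summary(processes=PROCESSES):
    """Count processes per role; non-Edge images are counted under their image name."""
    return Counter(chromium_role(cl) if img == "msedge.exe" else img
                   for _, _, img, cl in processes)


def unexplained_writes(processes=PROCESSES, events=WPM_EVENTS):
    """Return (source, target) pairs whose target is NOT a --type child spawned
    by the source itself. Empty means every write is the broker initialising its
    own children; anything else deserves a closer look."""
    by_pid = {pid: (parent, img, cl) for pid, parent, img, cl in processes}
    flagged = []
    for src, dst, _ in events:
        parent, img, cl = by_pid.get(dst, (None, None, ""))
        if parent != src or img != "msedge.exe" or chromium_role(cl) == "browser":
            flagged.append((src, dst))
    return flagged


def unsandboxed_services(processes=PROCESSES):
    """PIDs of Edge utility processes started with --service-sandbox-type=none."""
    return [pid for pid, _, img, cl in processes
            if img == "msedge.exe" and switches(cl).get("service-sandbox-type") == "none"]


if __name__ == "__main__":
    print("roles:", dict(role_summary()))
    print("unexplained WriteProcessMemory targets:", unexplained_writes())
    print("unsandboxed utility processes:", unsandboxed_services())
```

With the transcribed records the check returns no unexplained writes and flags PID 3440 (the network service) as the only unsandboxed utility process. That supports reading the signatures as browser startup noise; it does not make the HTML benign on its own, since the Network section of this report is empty and nothing here shows what the two renderer processes actually executed.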
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5 a8e767fd33edd97d306efb6905f93252
SHA1 a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256 c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
Filesize
152B
MD5 439b5e04ca18c7fb02cf406e6eb24167
SHA1 e0c5bb6216903934726e3570b7d63295b9d28987
SHA256 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512 d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\495289d8-1375-4e98-b9c1-d5163c324614.tmp
Filesize
6KB
MD5 bca06e00a25142b501ef579121981fb1
SHA1 da7fd53cfaa9960bdbb1b288a7f3cc0559979bf3
SHA256 397997ea63526ca9782e4bf4652b42fca6491f24248199fb39bdd493b4eae5b5
SHA512 d8d50d1364394a936161fa543e26c59af946b131b1171ce083c1e48d8133593ac0ae361d132663517c7f73fc0d3a2e48414957c01eed5a8d15617b2391baaa58
-
Filesize
5KB
MD5 649cc7247d1eb212a2ef7775203d218d
SHA1 ba72433d1d0163e4532c22c3d965d4514f756f98
SHA256 e2df2bfee0d3825ed7f341baafb16c976fb6a91251af3478b3372a33668840f8
SHA512 824d7a95cbe84f80bbb584354fbd18142dfc1dc366660694403b9894d6593d2beb9ac5f4d8ceffd5b56b873fd8e1f0d1877beacd17c19d115a65b0db077a00e4
-
Filesize
6KB
MD5 f30736e9fb0257078d233e604d6a7bd2
SHA1 63ec0698acf577483032238518f651a1dad8dac9
SHA256 dbeac9d2c3f49b2ba64af5985f390ba292edd16446ef6b55d1451d2237048bc1
SHA512 0d69bffc7ec163026b49c9f47d2798ae54e70f167b71cb56e51eb574f0e344ac01ccd8e96e588665cd1f4f610fd95a62d6dc2173f72c63c041a040d714976f9a
-
Filesize
11KB
MD5 dda6888613f97d0365b09bafed604129
SHA1 73c99d598dd0b219caf6a2d6260dfe561ca73ec0
SHA256 55ef5aba9a423016236844a69ac43a4f29eb674eb3ec46e72bce553db0101c2f
SHA512 d1456540912dfe335728866f5ade223a671ef3b7b3a9700dbb9ee208c94afdac9d1944d03e2a9b322746b5e77f3f8ba0cac2d7867ffab3b60a85e05ae187dde9