Analysis

max time kernel: 145s
max time network: 129s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 02:42

Static task: static1

Behavioral task: behavioral1
Sample: a3924ded4d137f602897c8badc9ce148_JaffaCakes118.html
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: a3924ded4d137f602897c8badc9ce148_JaffaCakes118.html
Resource: win10v2004-20240611-en

General

Target: a3924ded4d137f602897c8badc9ce148_JaffaCakes118.html
Size: 69KB
MD5: a3924ded4d137f602897c8badc9ce148
SHA1: 96015beebeccf08f9c8ff64012331ac9fa5c7304
SHA256: bfdb133f2376c8f120a0d7e5b2836162c17308672d42548d25a204ec73e2b996
SHA512: 300bace5e7ade6fd08968825775650334b6a8757f26cdb924305a3664c489f2447c7930c5f4fcb1a98ad13448a7e2ca339bf8a9505e05453acab2abed55dee89
SSDEEP: 768:Ji7gcMiR3sI2PDDnX0g6sT6I1a7oTyS1wCZkoTyMdtbBnfBgN8/lboi2hcpQFVGo:J3VTzNen0tbrga94hcuNnQC
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
1192 | msedge.exe (2 records)
4920 | msedge.exe (2 records)
408 | identity_helper.exe (2 records)
1888 | msedge.exe (4 records)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process
4920 | msedge.exe (6 records)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
4920 | msedge.exe (25 records)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4920 | msedge.exe (24 records)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 4920 wrote to memory of 2180 | 4920 | msedge.exe | 81 (2 records)
PID 4920 wrote to memory of 804 | 4920 | msedge.exe | 82 (repeated)
PID 4920 wrote to memory of 1192 | 4920 | msedge.exe | 83 (2 records)
PID 4920 wrote to memory of 1364 | 4920 | msedge.exe | 84 (repeated)
All 64 records are writes by the top-level msedge.exe (PID 4920) into the depth-2 processes 2180, 804, 1192 and 1364 listed under it in the process tree below.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1, PID 4920)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3924ded4d137f602897c8badc9ce148_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2180)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcac446f8,0x7ffdcac44708,0x7ffdcac44718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 804)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1192)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1364)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4592)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4500)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2, PID 1992)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (depth 2, PID 408)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3312)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4420)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2564)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4944)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1888)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5041868986550111027,11285524878985384108,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 552)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (depth 1, PID 3856)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
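The tree above is the usual shape of an .html sample opened in Edge: one browser process, a crashpad handler, two gpu-process instances, two utility services, a run of renderers, identity_helper.exe, and two COM-activated CompPkgSrv.exe servers. Reading that by hand across 64 repeated WriteProcessMemory rows is tedious, so the script below, an added example that is not part of the sandbox report or of any sandbox vendor's tooling, parses records in exactly the shape the report prints, collapses the repeats per target PID, classifies each child from its Chromium-style --type flags, and applies two checks an analyst would want: whether every image path sits inside the Edge install directory or System32 (an assumed baseline for this kind of session, not something the report states), and which utility processes run with --service-sandbox-type=none. The sample records and the trimmed command lines are constructed from the entries above; the allow-list of directories is the editor's assumption.

```python
"""Triage helper for a flattened sandbox process tree (added example, not the report's own tooling)."""
import re
from collections import Counter

# Constructed input: a subset of the report's WriteProcessMemory records, in the report's own
# shape: "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>".
WPM_TEXT = """
PID 4920 wrote to memory of 2180 4920 msedge.exe 81
PID 4920 wrote to memory of 2180 4920 msedge.exe 81
PID 4920 wrote to memory of 804 4920 msedge.exe 82
PID 4920 wrote to memory of 804 4920 msedge.exe 82
PID 4920 wrote to memory of 1192 4920 msedge.exe 83
PID 4920 wrote to memory of 1364 4920 msedge.exe 84
"""

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
IDH = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"

# Constructed input: (image path, command line trimmed to the flags the classifier needs)
# for a few PIDs from the process tree above.
PROCESSES = {
    4920: (EDGE, "--single-argument C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.html"),
    2180: (EDGE, "--type=crashpad-handler"),
    804: (EDGE, "--type=gpu-process"),
    1192: (EDGE, "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    1364: (EDGE, "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    4592: (EDGE, "--type=renderer --renderer-client-id=6"),
    408: (IDH, "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    552: (r"C:\Windows\System32\CompPkgSrv.exe", "-Embedding"),
}

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)$")
FLAG_RE = re.compile(r"--([\w-]+)=(\S+)")

# Assumption (editor's baseline): in a session that only opens an .html file in Edge, every
# process image should live under the Edge install directory or under System32.
EXPECTED_DIRS = (
    "c:\\program files (x86)\\microsoft\\edge\\application\\",
    "c:\\windows\\system32\\",
)


def parse_wpm(text):
    """Parse WriteProcessMemory records into (writer_pid, target_pid, writer_image, procid_target)."""
    records = []
    for line in text.strip().splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            records.append((int(m.group(1)), int(m.group(2)), m.group(3), int(m.group(4))))
    return records


def writes_per_target(records):
    """Collapse the repeated rows: number of writes each target PID received."""
    return Counter(target for _, target, _, _ in records)


def classify(cmdline):
    """Extract the Chromium --type / --utility-sub-type / --service-sandbox-type flags."""
    flags = dict(FLAG_RE.findall(cmdline))
    return {
        "type": flags.get("type", "browser"),  # no --type means the top-level browser process
        "subtype": flags.get("utility-sub-type"),
        "sandbox": flags.get("service-sandbox-type"),
    }


def off_baseline(processes, expected_dirs=EXPECTED_DIRS):
    """PIDs whose image path lies outside the expected directories (anything here needs a look)."""
    return sorted(pid for pid, (image, _) in processes.items()
                  if not image.lower().startswith(expected_dirs))


def unsandboxed_services(processes):
    """PIDs of utility processes launched with --service-sandbox-type=none."""
    return sorted(pid for pid, (_, cmd) in processes.items()
                  if classify(cmd)["type"] == "utility" and classify(cmd)["sandbox"] == "none")


if __name__ == "__main__":
    recs = parse_wpm(WPM_TEXT)
    for target, n in sorted(writes_per_target(recs).items()):
        image, cmd = PROCESSES[target]
        print(f"{recs[0][0]} -> {target} x{n}: {classify(cmd)['type']} ({image})")
    print("off-baseline images:", off_baseline(PROCESSES))
    print("utility processes with sandbox=none:", unsandboxed_services(PROCESSES))
```

Run against the full report the two checks come back with an empty off-baseline list and with the NetworkService and WinrtAppIdService utilities as the only unsandboxed services, which is the expected profile for a browser that merely rendered the page; an image under the user's Temp directory, or a writer PID other than the browser process, is what would turn this from noise into a lead.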
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: dabfafd78687947a9de64dd5b776d25f
SHA1: 16084c74980dbad713f9d332091985808b436dea
SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Filesize: 152B
MD5: c39b3aa574c0c938c80eb263bb450311
SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Filesize: 6KB
MD5: f504344c5904a9e1ff0cf34f024b8df8
SHA1: 233459b095ad621e17e4fcae90b5375947572bd1
SHA256: dffa117e333beba40ec211d236cd5aac3ed7eb5eb9e880b2b1d8bef9f85df169
SHA512: 6639f6ca5df5f6c632d190439ee6943ef37556dd14a9f0ca308128fa2c5fd64c84ffeb9c180fa8e9f39ee24a55b5be1557b4a7a3a3392e585741e2362c8a7f42

Filesize: 6KB
MD5: 9f7456c172158d680ee9d3f23ac729c0
SHA1: 9e38838fdf58cb7b97ef20eba24a9441d7f1cd2f
SHA256: 4181419a6856e0587f88ed4ce39a8e49dab7378aa3ea55de7f1e7a4689f80b76
SHA512: 1d08307a6fc9eb1af661460ddd41f4b2f85f5ff3d7cb5132957b57f281e649761db550cdb2fcae0dcb63c20d484928f0e47b9ee7d6d147d9ab2ae32f3a373ded

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 11KB
MD5: d3a7a45f823a5de08bcfbb4cd5ae16ef
SHA1: e97ef72b8dcc443a5e48e7138e33b1aaf09d1135
SHA256: cd3a3de502cbb1b14258ae4b9560eafc8cf46f4abdb04c9d88bb531f87a3f7a4
SHA512: eac58b593fd30bad231e611cfd7ad8e55497df56a3289a72ec5ad625eb6330183c3b35e77398aaca9e547c2f1e1a7c3068fd76075a707618ef217aef33bb1e23