Analysis
max time kernel: 145s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 03:38
Static task: static1
Behavioral task: behavioral1
  Sample: a3b326e8b89bc19511eacb8a35ad032e_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a3b326e8b89bc19511eacb8a35ad032e_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
Target: a3b326e8b89bc19511eacb8a35ad032e_JaffaCakes118.html
Size: 20KB
MD5: a3b326e8b89bc19511eacb8a35ad032e
SHA1: 527940ff6b30ec6ecfe546b7003fc1ce79c114e7
SHA256: 2759d4ceecfaf85480acba9fd585d505f8204e7f18ac3fc0d093ddcc346a6293
SHA512: ee2b267e2367e6298512c5b20d0a1afb73a8c7eb7e1c50743a449fd27a1042b3c5f95c6d30ba33e97385a61511191f14aeab1cd8368d8656b3734b8e0396843e
SSDEEP: 384:ziaKcRAa5r9DIiCVBD8cEQ3RLpegqbmd5WScfIk9xheMzVc91gh:zi5a5r9D8gcX3pimNOIk9eqq1gh
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description          ioc                                                                    Process
  Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs; repeated rows collapsed)
  pid     Process              occurrences
  724     msedge.exe           2
  2624    msedge.exe           2
  3100    identity_helper.exe  2
  2708    msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs; repeated rows collapsed)
  pid     Process       occurrences
  2624    msedge.exe    6
- Suspicious use of FindShellTrayWindow (25 IoCs; repeated rows collapsed)
  pid     Process       occurrences
  2624    msedge.exe    25
- Suspicious use of SendNotifyMessage (24 IoCs; repeated rows collapsed)
  pid     Process       occurrences
  2624    msedge.exe    24
- Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed)
  description                         pid     Process       procid_target
  PID 2624 wrote to memory of 4988    2624    msedge.exe    82
  PID 2624 wrote to memory of 900     2624    msedge.exe    83
  PID 2624 wrote to memory of 724     2624    msedge.exe    84
  PID 2624 wrote to memory of 884     2624    msedge.exe    85
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3b326e8b89bc19511eacb8a35ad032e_JaffaCakes118.html
  PID: 2624
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd179146f8,0x7ffd17914708,0x7ffd17914718
    PID: 4988
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    PID: 900
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
    PID: 724
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
    PID: 884
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    PID: 3792
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    PID: 2788
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
    PID: 4048
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
    PID: 3100
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
    PID: 2484
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
    PID: 2268
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
    PID: 4720
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
    PID: 948
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17267103942980961094,1875123113742471269,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5000 /prefetch:2
    PID: 2708
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4732
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4332
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- Filesize: 5KB
  MD5: 1573b01c533a7d530f853f5c14a90221
  SHA1: cbfa9eb1305cb8bcfd3a20824702736831614e59
  SHA256: 1db5bc713413cc594041039c603ace5934508049c3c4b65438309fd481ecd42d
  SHA512: 654d9e5ff20a7cc91d899745dbd53938ff593b9afa7868ecb69c8b90f622b526c78061ec663abfa5408ce80d0b3e84565137a7ff3f6928764cfee84ed01fb72d
- Filesize: 6KB
  MD5: ea0f50a71079ddc3809068e0b1ccc480
  SHA1: 40db2ee96f709df2a84dee476d357ba21f4baa76
  SHA256: 338ae83aa9bbe5b0de65e6b54d3a53226d1f026f2da2fcb456764ca9762766e5
  SHA512: 3276567ca0bdb69081916bbcae7f81bf960f06c21c4351ee49b3793fa86ddc0668360aa85f121966b96007837bbbba4ae4b2a0e1e84f6de5ba71eeeffb327c83
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 8KB
  MD5: dece4ee45cba17b42ae8762cf60768aa
  SHA1: a20f632093726f3dcbb382fcbca473f86033d061
  SHA256: 7b3cb056e26f2bf0f077ec0da03adb2f42c326b9d00e785e18f27da04de135b3
  SHA512: c273775d2c970b29e56c0f2dacf863251c54ff81926d8dc5596b596af7ae71ad51e39ec273f6379edef487853f0471343ef6d244c24120d3f4cf28070981821f