Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 03:37
Static task: static1
Behavioral task: behavioral1
  Sample: a3b31089c66421c54bc9a439b5869ea1_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a3b31089c66421c54bc9a439b5869ea1_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a3b31089c66421c54bc9a439b5869ea1_JaffaCakes118.html
Size: 19KB
MD5: a3b31089c66421c54bc9a439b5869ea1
SHA1: e545e44d48c592ffb4c0a9eaa9cc497f8ec5a82c
SHA256: ef99b103337aaf79bad887352e085f86e15196e5d8cde6eb0eeda46c29c73565
SHA512: 675370400b6cb4a16b31642065a9f1fc2a524aed78522a8135923b92f08ffcff81f60a3083996933e2698387b0e8a1f6e84136e70bd90cc85791164244229170
SSDEEP: 192:SIM3t0I5fo9cKivXQWxZxdkVSoAIy4QzUnjBhEO82qDB8:SIMd0I5nvHDsvE9xDB8
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid    Process
  3148   msedge.exe   (2 entries)
  468    msedge.exe   (2 entries)
  4432   msedge.exe   (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid    Process
  468    msedge.exe   (2 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  468    msedge.exe   (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  468    msedge.exe   (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process      procid_target
  PID 468 wrote to memory of 4176   468   msedge.exe   82   (2 entries)
  PID 468 wrote to memory of 3220   468   msedge.exe   83   (40 entries)
  PID 468 wrote to memory of 3148   468   msedge.exe   84   (2 entries)
  PID 468 wrote to memory of 1244   468   msedge.exe   85   (20 entries)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 468)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3b31089c66421c54bc9a439b5869ea1_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4176)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba3b46f8,0x7ffeba3b4708,0x7ffeba3b4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3220)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,13587601786949855664,437896556402185750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3148)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,13587601786949855664,437896556402185750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1244)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,13587601786949855664,437896556402185750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5100)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13587601786949855664,437896556402185750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2680)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,13587601786949855664,437896556402185750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4432)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,13587601786949855664,437896556402185750,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6132 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 540)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 2624)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads