Analysis
max time kernel: 145s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 04:35

Static task: static1

Behavioral task: behavioral1
Sample: a3d64669492512b6c6d95dc701795d07_JaffaCakes118.html
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: a3d64669492512b6c6d95dc701795d07_JaffaCakes118.html
Resource: win10v2004-20240508-en
General
Target: a3d64669492512b6c6d95dc701795d07_JaffaCakes118.html
Size: 63KB
MD5: a3d64669492512b6c6d95dc701795d07
SHA1: 6e0d79705fce64469a5ddaac4cfcd3d85a9d091d
SHA256: cb4199d7071fb2349266768715e4475ba7e523af4c81d631e3397944ff796b5b
SHA512: cdcc0cbd801a400dd6af0d8d3a5d059909cc7577b523cbea58bcd9e710781918cf84afdd74cb3781c4693ba97ad9ff9c07077980c2aed951ee42701bb629b50d
SSDEEP: 1536:92AIRIOITIwIgIiKZgNDfIwIGI5IVJ7SqIRIOITIwIgIiKZgNDfIwIGI5IVJ7SZX:92DdEvO7fK8FQh7nIIgKg

Malware Config

Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid | Process
2452 | msedge.exe
2452 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
3140 | identity_helper.exe
3140 | identity_helper.exe
3172 | msedge.exe
3172 | msedge.exe
3172 | msedge.exe
3172 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid | Process
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
Suspicious use of FindShellTrayWindow 25 IoCs
pid | Process
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
1212 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1212 wrote to memory of 3756 1212 msedge.exe 81 PID 1212 wrote to memory of 3756 1212 msedge.exe 81 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 
msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 1592 1212 msedge.exe 82 PID 1212 wrote to memory of 2452 1212 msedge.exe 83 PID 1212 wrote to memory of 2452 1212 msedge.exe 83 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84 PID 1212 wrote to memory of 1052 1212 msedge.exe 84
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d64669492512b6c6d95dc701795d07_JaffaCakes118.html
PID: 1212
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Child processes of PID 1212:

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0b3546f8,0x7ffc0b354708,0x7ffc0b354718
  PID: 3756

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  PID: 1592

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  PID: 2452
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  PID: 1052

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  PID: 2628

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  PID: 2864

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8
  PID: 2548

  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:8
  PID: 3140
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  PID: 4952

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  PID: 1952

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  PID: 3504

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  PID: 2032

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6136889621839095314,14763483329701877907,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4392 /prefetch:2
  PID: 3172
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2780

C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 1108
Network
MITRE ATT&CK Enterprise v15
Downloads