Analysis
max time kernel: 149s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 04:39
Static task: static1
Behavioral task: behavioral1
  Sample: a3d885dac3d865c0b3e9372d7ad603b0_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: a3d885dac3d865c0b3e9372d7ad603b0_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a3d885dac3d865c0b3e9372d7ad603b0_JaffaCakes118.html
Size: 139KB
MD5: a3d885dac3d865c0b3e9372d7ad603b0
SHA1: 982730a51748c70ec950556243af140667943c74
SHA256: 28f68484517432b4889133fa355de1529b74a781eec6b8f8532ac11cf6d9bd87
SHA512: 3bd0daa10deff98474df43c5f4c66ef98685e7316d86e180617a383194c113396322c64e92cc2a11bbdf7442f6ebf6a3e940cd77dbbc900513f17b3d5ae34bad
SSDEEP: 1536:S2YXImXalHvyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:S2YdXeyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs; identical rows collapsed, count in last column)
  pid   Process     rows
  4080  msedge.exe  2
  1424  msedge.exe  2
  2312  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid   Process     rows
  1424  msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     rows
  1424  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     rows
  1424  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed, count in last column)
  description                        pid   Process     procid_target  rows
  PID 1424 wrote to memory of 3308   1424  msedge.exe  82             2
  PID 1424 wrote to memory of 1956   1424  msedge.exe  83             40
  PID 1424 wrote to memory of 4080   1424  msedge.exe  84             2
  PID 1424 wrote to memory of 4020   1424  msedge.exe  85             20
Processes (process tree; an indented entry is a child of the top-level entry above it)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d885dac3d865c0b3e9372d7ad603b0_JaffaCakes118.html
  PID: 1424
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff896dd46f8,0x7ff896dd4708,0x7ff896dd4718
      PID: 3308

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14231364059311072785,632293263007115489,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
      PID: 1956

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14231364059311072785,632293263007115489,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
      PID: 4080
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14231364059311072785,632293263007115489,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
      PID: 4020

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14231364059311072785,632293263007115489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
      PID: 1828

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14231364059311072785,632293263007115489,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      PID: 408

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14231364059311072785,632293263007115489,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
      PID: 2312
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4800

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2364
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: c5abc082d9d9307e797b7e89a2f755f4
SHA1: 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256: a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512: ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Filesize: 152B
MD5: b4a74bc775caf3de7fc9cde3c30ce482
SHA1: c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256: dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512: 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Filesize: 6KB
MD5: 5d169e5820b14aebdc636d87b86a4f46
SHA1: dd32c3f08f154a8d963a1242bd6f2614540cddf4
SHA256: c3301dd2aceae17fa0e955a3d1ad8d77f42946f85d082065cc6da21752319037
SHA512: 47d7e8e444c39ea64a12f34fa11c30cc689a24dc71494142f370a628f075a71fdb601a01fa415d23ee1c5473773766552c078cfdd2910074d439e7f2867237f9

Filesize: 6KB
MD5: 4308c51ed2620a7862e72d4ac91803f6
SHA1: 27f18244127bf3ddf6e9969612d32217e4f0a9c0
SHA256: 9f83d9bc6992a67f01097db9e6017d9ed2707a1d588d8fe7832515fdd83d9e32
SHA512: 5d495de405ac01966d6a95c6fb14857f857b9989ad66d59fd71152ffd476e11fbafae2dce03d465aaf72c88d12dc9c62a039406473ba59970b15d50859c70a96

Filesize: 11KB
MD5: c55fc4b53d7bffe6ead2b46777ffe20e
SHA1: 2054d7c54cb6458d98fd6495e8b62e9171be1a10
SHA256: 1e7ed33ffefc2fedfe8a6e412ad656130e01a41de55bc8fd26a2a51792582b81
SHA512: e0973bfb144ce6761fb76af4f69bbe9940304df82faa0871b61d096b7d774eacd90c437c4e14665e72d96a4435d289e80abda2321f1ba1da3d9861e322fafc79