Analysis
- max time kernel: 150s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/06/2024, 04:38
Static task: static1
Behavioral task: behavioral1
- Sample: a3d83fddfd88d60a19d3a57df5a481e5_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: a3d83fddfd88d60a19d3a57df5a481e5_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a3d83fddfd88d60a19d3a57df5a481e5_JaffaCakes118.html
- Size: 418KB
- MD5: a3d83fddfd88d60a19d3a57df5a481e5
- SHA1: 9e72a788317a9c7b5c0553c13e8535f297cc96f2
- SHA256: 21228925e3b15ff741d62a1ae1c56b9ea1223f98747d4b3eec500ed7dee17565
- SHA512: e2272757423a85684d173e1b28f9e97f28fbd9a4b6f8310fc25d000a2e148979c68ff257b9fc4ecb3984ecc65999b8c15703da1c3c7b44b20eb20444fef70328
- SSDEEP: 1536:Sjyn+KgqvdhHWfc89wV7iHR7Z5TfltWQyn1qsYcZC8nI7rAWgPhz0+PPSmW/LPtN:Sj9gdwFtiO8mkm+Cc4
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
pid | Process
3012 | msedge.exe (2 entries)
3528 | msedge.exe (2 entries)
4064 | msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
pid | Process
3528 | msedge.exe (all 5 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
3528 | msedge.exe (all 25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3528 | msedge.exe (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3528 wrote to memory of 2856 | 3528 | msedge.exe | 82
PID 3528 wrote to memory of 2676 | 3528 | msedge.exe | 83
PID 3528 wrote to memory of 3012 | 3528 | msedge.exe | 84
PID 3528 wrote to memory of 4184 | 3528 | msedge.exe | 85
(each row is repeated in the report once per write; all 64 entries originate from PID 3528, the top-level msedge.exe)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3528)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3d83fddfd88d60a19d3a57df5a481e5_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2856)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd15c846f8,0x7ffd15c84708,0x7ffd15c84718
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2676)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2072)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1844)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 400)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  Child: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4064)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,17022001202080604303,2852586091805663376,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1412 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe (PID 2136)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 1768)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads