Analysis
- max time kernel: 145s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/06/2024, 05:02
Static task: static1
Behavioral task: behavioral1
- Sample: a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html
- Resource: win7-20240611-en
Behavioral task: behavioral2
- Sample: a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html
- Resource: win10v2004-20240611-en
General
- Target: a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html
- Size: 150KB
- MD5: a3e7a4ca9f1faf47c99a9dce98ffed31
- SHA1: fc397a11dac8388647884801b94caaefd25bb938
- SHA256: aa92d4a38b9d4350eb6f9bb43875cb40ad5256d35e16bba3e472f6dcc257207e
- SHA512: 2d077e9a23fdd27db0d475755fae801986a46e83076b1848c6dd415d169d1c63e890b9755a9a66ee600e6fdddc87e252723c747a2fd4e263bae064de07930b74
- SSDEEP: 3072:SFQljMgpYEelQ326Zgh1OzcQhetUzyODxs1/ivpug9EFnTVj:SFrEelQ326Zgh1OzcQhetUzyODxs1/iY
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process     entries
  3904  msedge.exe  2
  4544  msedge.exe  2
  2880  msedge.exe  4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid   Process     entries
  4544  msedge.exe  4
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     entries
  4544  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     entries
  4544  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid   Process     procid_target  entries
  PID 4544 wrote to memory of 532   4544  msedge.exe  84             2
  PID 4544 wrote to memory of 4948  4544  msedge.exe  85             40
  PID 4544 wrote to memory of 3904  4544  msedge.exe  86             2
  PID 4544 wrote to memory of 3096  4544  msedge.exe  87             20
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e7a4ca9f1faf47c99a9dce98ffed31_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4544
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa9db446f8,0x7ffa9db44708,0x7ffa9db44718
    PID: 532
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    PID: 4948
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 3904
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
    PID: 3096
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    PID: 4836
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    PID: 3012
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    PID: 4600
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    PID: 2288
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6739372806000025329,16898614554894270625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 2880
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4984
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2864
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4368
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 81e892ca5c5683efdf9135fe0f2adb15
  SHA1: 39159b30226d98a465ece1da28dc87088b20ecad
  SHA256: 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
  SHA512: c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
- Filesize: 152B
  MD5: 56067634f68231081c4bd5bdbfcc202f
  SHA1: 5582776da6ffc75bb0973840fc3d15598bc09eb1
  SHA256: 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
  SHA512: c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
  MD5: b7641bc4e28670ab7b0b1d24669e17f6
  SHA1: e0d66281d26aef9accaa39864649e33419a0ae63
  SHA256: a4acdfb618f80c9057495f42789eaec7c63fe44d6f5efd3d02dbc2bee0882afa
  SHA512: 73f0478c25854758d36b04889b6de149115b63af5a6ae1c563a404d7d4380f3f2ffeda2c7544b354e3cec7c8f62707cff6b0a6a1eefdd8fe046caa5db1041a63
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 2KB
  MD5: 737f969965830bd215fc9a058f39d829
  SHA1: 4916d75cb88b65465b499adc96d34c3d1fa80b40
  SHA256: 0f25f046eae754f250bc7adc2aefe1267c5ccba14afb7af1d32068d7e43d5cf2
  SHA512: fbd3ba263f6daa5f6c13e7db3a906b5e04d0f2c23c35f056ad822db9a9152c1d3588d5888b190f1def5162405089b79c021c23b25d87047047c4744f88558ebe
- Filesize: 2KB
  MD5: 9f678d9aafb509f2f9f9c54f89428596
  SHA1: 1f3b5e0a27fea834ce0078722be0bde40241b8ab
  SHA256: 6fa8c21444a546235499cfdd809729da30dfd91adf0af663b858b3f704eafe85
  SHA512: c81ebc34400d3145c960c293ceb0e904b5eddc47e4c754377203b29ac9ddf32dae3906e47c2ea5bcf435b90bb257f09fcabbcb90599dcc3d40066f0a91bd82df
- Filesize: 6KB
  MD5: 183b7f13c88da9521b0067e447383535
  SHA1: c3bdbf3f84fec11b464674e1f7dd10a3eec4297d
  SHA256: eeb24585a3dbbefe2c8eabe6eabd179fc66fc4f25fcd3a8872e6bf7506e42e64
  SHA512: da12d6a5e18496d9d97814836570f5026694f77bd8677f1c1f6d1c6d8225a3a243b822a363ec2201145412f3467a0fbd57d4db06e794152c63108c23b8d11135
- Filesize: 7KB
  MD5: 31fd9494b32087881f0d9f6878619d48
  SHA1: 6ec50e4b3e3c7aad3c07b0d79698ec1b00f858db
  SHA256: 387c9641eb0bd31d27615d5fbc11e4cb19e90f49f2fb1d011ba2d31e91a71008
  SHA512: 8bb04ec55a82ca78e97e82f83c9ae8c956441fd8d700e2755ea0d830ef4de2272aa1c8616cfdc321f25a4b87c7f866b7b8634fb34cff390339bffcabccf9f5b0
- Filesize: 11KB
  MD5: b8660430ea4642397124d09c5b6112bd
  SHA1: b9a574131855eda69fc54d413d0de7c60a7ef5b3
  SHA256: 92d9faf769b62fc8f4782e1576d6ae82051ac684013df039a949520ba0005567
  SHA512: e441d2cd33faae5fa900116421a5105d09149d216fc320f9b8a0f51a79ec2080fde0c45b478081d92295753b214090c375fe255682db7072f785dedd027e127b