Analysis
- max time kernel: 145s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/06/2024, 05:06
Static task: static1
Behavioral task: behavioral1
  Sample: a3ea5d51c701ef63b83894bbc599ee79_JaffaCakes118.html
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: a3ea5d51c701ef63b83894bbc599ee79_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
- Target: a3ea5d51c701ef63b83894bbc599ee79_JaffaCakes118.html
- Size: 17KB
- MD5: a3ea5d51c701ef63b83894bbc599ee79
- SHA1: b643ecfd091d9ace5772e0ca85ebb75f8a7e5008
- SHA256: 9f7c94ea7cb2f8e16ee408716f6a0c54d492297e2b76efd5f00fcb5883255106
- SHA512: 40f0efd5c28941b73e89dfd366c67e6c949a2a2e5d500890e6ca215a7a9eabcc72be0b134a6c8373b7c06f7f4e8af86086ac0db7a99e6363f652ba4eee55ca86
- SSDEEP: 384:EnnKnCIc9eL6C2/qzCAkpi8apjyaNoaqOF0:EnrcLk/qfLGaPp0
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3632  msedge.exe
  3632  msedge.exe
  1048  msedge.exe
  1048  msedge.exe
  3232  identity_helper.exe
  3232  identity_helper.exe
  3448  msedge.exe
  3448  msedge.exe
  3448  msedge.exe
  3448  msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  1048  msedge.exe  (6 identical entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  1048  msedge.exe  (25 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  1048  msedge.exe  (24 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs; distinct rows listed once, each repeated in the raw report)
  description                       pid   Process     procid_target
  PID 1048 wrote to memory of 4548  1048  msedge.exe  80
  PID 1048 wrote to memory of 1992  1048  msedge.exe  81
  PID 1048 wrote to memory of 3632  1048  msedge.exe  82
  PID 1048 wrote to memory of 4848  1048  msedge.exe  83
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3ea5d51c701ef63b83894bbc599ee79_JaffaCakes118.html
  PID: 1048
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc4ec546f8,0x7ffc4ec54708,0x7ffc4ec54718
      PID: 4548

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
      PID: 1992

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      PID: 3632
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
      PID: 4848

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      PID: 4840

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      PID: 2296

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
      PID: 1604

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
      PID: 3232
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
      PID: 4148

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
      PID: 4064

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
      PID: 3432

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
      PID: 1388

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,8267012155166929634,2790904315083235082,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 /prefetch:2
      PID: 3448
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3980

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4224
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
  MD5: 56641592f6e69f5f5fb06f2319384490
  SHA1: 6a86be42e2c6d26b7830ad9f4e2627995fd91069
  SHA256: 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
  SHA512: c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Filesize: 152B
  MD5: 612a6c4247ef652299b376221c984213
  SHA1: d306f3b16bde39708aa862aee372345feb559750
  SHA256: 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
  SHA512: 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Filesize: 5KB
  MD5: 0fb57fc752de662e4155150af099c4d1
  SHA1: 5114d1b83e14e1ffec2d4436ffa3986b613c0e8c
  SHA256: 79ef45424bcf8880134726c9e05ba44b0e48b5f591561a00fb7d65a041d6bb73
  SHA512: 496aba00407843ee135bb5b611c81e1b8dc02f96118c0bb04fc09e71516527983df4051ebd31e2aced4b55492b0b4f377d2b9ff5ad61329edeb59d2b7e5b4af2

Filesize: 6KB
  MD5: 003def3431b819487050f6a760f393c6
  SHA1: 885c7a87ace531b1b55cd16de49a95cbdd05474b
  SHA256: 8172b982b9a95e535c0e1dbc6fae250f6ac432aa2d6bcd1f0ca7d980ba2ddaa2
  SHA512: 8da943dbaec0ac8f398551cc08a3fe7d42ee196a27bc7de9800f04d0326841c861ac9b9adb249b9e1fcdf28a3356afc54b1dadb7c9ca182f731556a393b141df

Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 8KB
  MD5: 0df16249811bb329b2f4e0c9f9962efd
  SHA1: 42bee0e8d902925988b0693306ab861e5503de24
  SHA256: 747ca61b933839116fb961bb94a2713112a47b13d9f162c735b0d5e877f732b9
  SHA512: b500a8000ff155c97300655e9b79ea25b0ced8e91cc4ab2c2f86c5dee761559aed744d130a91aeda728497f8b35c5e2a71a59f32a8c71ba9e1a0da78157604b4