Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/06/2024, 05:06
Static task: static1
Behavioral task: behavioral1
  Sample: a3ead53961cd27e15329f54de9e9578d_JaffaCakes118.html
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: a3ead53961cd27e15329f54de9e9578d_JaffaCakes118.html
  Resource: win10v2004-20240611-en
General
Target: a3ead53961cd27e15329f54de9e9578d_JaffaCakes118.html
Size: 213KB
MD5: a3ead53961cd27e15329f54de9e9578d
SHA1: 38b030ed68315cf6a30bc96f08a5b618f5c37c38
SHA256: b186d94acb8846394499c0b922c556e433616d26d12b3f9ec0ad480da632aa58
SHA512: 242634f3a24ee9cd26513fde7a9c5f70d9a4a5835440d01d8bf8f1db49d9edc3c5da9fbeec19a8c9e1c2b4124ada095d82989a50d311019423b807f3b9c613fe
SSDEEP: 3072:SmH90ZN13L3GyfkMY+BES09JXAnyrZalI+YQ:Sk+ZDsMYod+X3oI+YQ
Malware Config
Signatures
(identical rows in the original listing are collapsed; the "rows" column gives how many times each row appeared)

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe

Suspicious behavior: EnumeratesProcesses (9 IoCs)
pid   Process     rows
2572  msedge.exe  2
1136  msedge.exe  3
3776  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
pid   Process     rows
1136  msedge.exe  2

Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process     rows
1136  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process     rows
1136  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
description                       pid   Process     procid_target  rows
PID 1136 wrote to memory of 4588  1136  msedge.exe  82             2
PID 1136 wrote to memory of 3472  1136  msedge.exe  83             40
PID 1136 wrote to memory of 2572  1136  msedge.exe  84             2
PID 1136 wrote to memory of 3988  1136  msedge.exe  85             20
Processes
(indentation shows the process tree; every msedge.exe below the first entry is a child of PID 1136)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1136)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3ead53961cd27e15329f54de9e9578d_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4588, crashpad handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb325c46f8,0x7ffb325c4708,0x7ffb325c4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3472, GPU process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9638074404705186445,12054500495668969991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2572, network service)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9638074404705186445,12054500495668969991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3988, storage service)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9638074404705186445,12054500495668969991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2256, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9638074404705186445,12054500495668969991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4272, renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9638074404705186445,12054500495668969991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3776, GPU process, sandbox disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9638074404705186445,12054500495668969991,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 4108)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4864)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
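The WriteProcessMemory signature above is the one that looks most alarming, and the process tree is what puts it in context: every one of the 64 writes goes from the Edge browser process (PID 1136) into one of its own msedge.exe children (crashpad handler 4588, GPU process 3472, network service 2572, storage service 3988), which is how a Chromium-based browser sets up its sandboxed child processes rather than a write into some other program. The helper below, added here as an example and not part of this report or of the sandbox, parses the flattened "wrote to memory of" rows together with the Processes listing and answers that question mechanically: it collapses repeated rows, resolves each target PID to its image and Chromium role, and reports any target whose image differs from the writer's (or that is absent from the tree). The row excerpt and the truncated command lines embedded in it are constructed from this report's tables; the full command lines are in the section above.

```python
"""Triage helper for this report's WriteProcessMemory rows and process tree.

Added example, not the sandbox's or the report's own code.  The row excerpt
and the truncated command lines below are constructed from this report.
"""
import ntpath
import re
from collections import Counter

# Constructed excerpt of the 64-row "Suspicious use of WriteProcessMemory"
# table: each row is "PID <src> wrote to memory of <dst> <pid> <image> <procid_target>".
WPM_EXCERPT = """\
PID 1136 wrote to memory of 4588 1136 msedge.exe 82
PID 1136 wrote to memory of 4588 1136 msedge.exe 82
PID 1136 wrote to memory of 3472 1136 msedge.exe 83
PID 1136 wrote to memory of 3472 1136 msedge.exe 83
PID 1136 wrote to memory of 3472 1136 msedge.exe 83
PID 1136 wrote to memory of 2572 1136 msedge.exe 84
PID 1136 wrote to memory of 2572 1136 msedge.exe 84
PID 1136 wrote to memory of 3988 1136 msedge.exe 85
PID 1136 wrote to memory of 3988 1136 msedge.exe 85
PID 1136 wrote to memory of 3988 1136 msedge.exe 85
"""

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'

# pid -> command line from the Processes section, cut after the switch that
# identifies the Chromium process role (the full lines are in the report).
PROCESSES = {
    1136: EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\a3ead53961cd27e15329f54de9e9578d_JaffaCakes118.html",
    4588: EDGE + " --type=crashpad-handler",
    3472: EDGE + " --type=gpu-process",
    2572: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService",
    3988: EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService",
    2256: EDGE + " --type=renderer",
    4272: EDGE + " --type=renderer",
    3776: EDGE + " --type=gpu-process --disable-gpu-sandbox",
    4108: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
    4864: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_wpm(table):
    """Collapse repeated rows into counts keyed by (src, dst, image, procid_target)."""
    counts = Counter()
    for line in table.splitlines():
        m = WPM_RE.search(line)
        if m:
            src, dst, _pid, image, target_id = m.groups()
            counts[(int(src), int(dst), image, int(target_id))] += 1
    return counts


def image_name(cmdline):
    """Basename of the executable at the head of a Windows command line."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmdline)
    return ntpath.basename(m.group(1) or m.group(2))


def chromium_type(cmdline):
    """Role of a Chromium child from --type=...; the browser process has no --type."""
    m = re.search(r"--type=(\S+)", cmdline)
    return m.group(1) if m else "browser"


def summarize(counts, processes):
    """One record per write target, ordered by the report's procid_target."""
    rows = []
    for (src, dst, _image, target_id), n in sorted(counts.items(), key=lambda kv: kv[0][3]):
        src_cmd = processes.get(src, "")
        dst_cmd = processes.get(dst, "")
        rows.append({
            "src": src,
            "dst": dst,
            "procid_target": target_id,
            "writes": n,
            "dst_type": chromium_type(dst_cmd) if dst_cmd else None,
            # A target missing from the tree is deliberately not "same image".
            "same_image": bool(src_cmd and dst_cmd)
            and image_name(src_cmd) == image_name(dst_cmd),
        })
    return rows


def foreign_write_targets(counts, processes):
    """Targets that are a different image than the writer, or absent from the tree."""
    return [r["dst"] for r in summarize(counts, processes) if not r["same_image"]]


if __name__ == "__main__":
    counts = parse_wpm(WPM_EXCERPT)
    for r in summarize(counts, PROCESSES):
        print(f"{r['src']} -> {r['dst']} ({r['dst_type']}): {r['writes']} writes, same image: {r['same_image']}")
    print("foreign write targets:", foreign_write_targets(counts, PROCESSES))
```

On this report the foreign-target list is empty; a write from 1136 into either CompPkgSrv.exe instance, or into a PID that never appears in the tree, is what would turn this signature from browser housekeeping into something worth pulling memory for.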
Network
MITRE ATT&CK Enterprise v15
Downloads

File 1
Filesize: 152B
MD5: c5abc082d9d9307e797b7e89a2f755f4
SHA1: 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256: a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512: ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

File 2
Filesize: 152B
MD5: b4a74bc775caf3de7fc9cde3c30ce482
SHA1: c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256: dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512: 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

File 3
Filesize: 6KB
MD5: cc6e859fee6c772c244d65933c99cffc
SHA1: 6ced2e5a4b4d3e0468e8608540cd86d0c211f00b
SHA256: 95bc6f7aa27f394a38839864ccf37b11dd56b377a95bf48fdbe30e879c8943cd
SHA512: e534c8f265a96ae4dc2aa7e88191eeaa1048ffcdb9a767de6aba0daecf41381000ac5a5db173919c0850cbd0ff6e0dba6a14e3e439e854bfbe7665b0b456524b

File 4
Filesize: 6KB
MD5: c209b3c11f2d38ca9a7305d796a4759b
SHA1: d8bd8813259aa476bacaca03603b8cadeea1f1d6
SHA256: 30bba0bbb818f4402fa6a54f1fe4ab7116abb4e2494d92c1572df6c124e791b6
SHA512: 69c171c0d958305d9a64e14681092e51d7e5b641dfeea923b457806b482eb78f7526a6e8375fa0447ca7b04b08d40daf49957708ba5561fac1966a1afdbbca46

File 5
Filesize: 11KB
MD5: df11d1435411ac3da8dc9cac6c9c70ad
SHA1: 00b69b9e60f4835f1f6a8e96ec1df25b826fc60c
SHA256: de95287ceef083fa92cdf4d88f3627171cbad6346926b9b65ab06d98449a105f
SHA512: e021416264f1963df78fad813392be6a0c79d208039ced929a582459eb321be158884baa4a8d5979a11e8649eb12ad26dbeca00894dae6ac98377050adeff144