Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 01:35

Static task: static1

Behavioral task: behavioral1
- Sample: 8c79ebaf99040ac8f572bec9082f01ae_JaffaCakes118.html
- Resource: win7-20240215-en

Behavioral task: behavioral2
- Sample: 8c79ebaf99040ac8f572bec9082f01ae_JaffaCakes118.html
- Resource: win10v2004-20240426-en

General
- Target: 8c79ebaf99040ac8f572bec9082f01ae_JaffaCakes118.html
- Size: 70KB
- MD5: 8c79ebaf99040ac8f572bec9082f01ae
- SHA1: b8de9753e655a25dff35e4c37da333a71ac6ef45
- SHA256: 1abafecb311fc105c88818ede0f92a1b1d4a69f66b59a79b0d157431f4ac6245
- SHA512: ffbdee29496639e89a56a6356e145ade92fa8d0a4cbb17ffb69cc9579ae5d1e158ec86d9374c2568ac1bbee20e0c507f828d8fa88d876c808eeb13e273c51c52
- SSDEEP: 768:JiVngcMWR3sI2PDDnd0g6jX2soT2e1wCZkoTyMdtbBnfBgN8/lboiGhcRfQFVG8F:JUgAUTTNen0tbrga90hc+NnhVJ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1012 | msedge.exe (2 IoCs)
  4916 | msedge.exe (2 IoCs)
  2808 | identity_helper.exe (2 IoCs)
  4472 | msedge.exe (4 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  4916 | msedge.exe (all 7 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  4916 | msedge.exe (all 25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  4916 | msedge.exe (all 24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs; identical repeated entries collapsed)
  description | pid | Process | procid_target
  PID 4916 wrote to memory of 236 | 4916 | msedge.exe | 83
  PID 4916 wrote to memory of 212 | 4916 | msedge.exe | 85
  PID 4916 wrote to memory of 1012 | 4916 | msedge.exe | 86
  PID 4916 wrote to memory of 4028 | 4916 | msedge.exe | 87
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c79ebaf99040ac8f572bec9082f01ae_JaffaCakes118.html
  PID: 4916
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe48be46f8,0x7ffe48be4708,0x7ffe48be4718
    PID: 236
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    PID: 212
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    PID: 1012
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
    PID: 4028
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    PID: 2516
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    PID: 2444
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    PID: 3352
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
    PID: 4732
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
    PID: 2808
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    PID: 4816
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
    PID: 3548
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
    PID: 1528
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
    PID: 932
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9360411057750090932,7970616580883701357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2860 /prefetch:2
    PID: 4472
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4156
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1288
MITRE ATT&CK Enterprise v15
Downloads