Analysis
max time kernel:   149s
max time network:  139s
platform:          windows10-2004_x64
resource:          win10v2004-20240802-en
resource tags:     arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted:         17/08/2024, 09:35

Static task:       static1
Behavioral task:   behavioral1
  Sample:          a208b056e734eae8a8db6391f6f53aa9_JaffaCakes118.html
  Resource:        win7-20240708-en
Behavioral task:   behavioral2
  Sample:          a208b056e734eae8a8db6391f6f53aa9_JaffaCakes118.html
  Resource:        win10v2004-20240802-en
(The results on this page are from behavioral2, the windows10-2004_x64 run.)
General
Target:  a208b056e734eae8a8db6391f6f53aa9_JaffaCakes118.html
Size:    76KB
MD5:     a208b056e734eae8a8db6391f6f53aa9
SHA1:    d7b15d713350fd40732e429f613ff76853489fc7
SHA256:  624e2a599f944ffa3c46c50833af5ce3d89bbbc357324f925eba418c451f1951
SHA512:  fbd9672dfde9466472b071ec698340d2a7ffc2da46d13a5771abef00fcff17dda4a3d76fb07789391a833270f5562f11b83eba912a77ddb6b0cd9309b1eaa358
SSDEEP:  1536:YEijZeqLVEijZeqL5u4H+YFpabvrtETYnRb3T7Uk2aLnBkC1d5l:YEijZeqLVEijZeqLEq1FpeRYnaLnBkCz
Malware Config
(no entries)

Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                    process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
    pid   process              hits
    456   msedge.exe           2
    4760  msedge.exe           2
    5116  identity_helper.exe  2
    4236  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
    pid   process              hits
    4760  msedge.exe           9
- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid   process              hits
    4760  msedge.exe           25
- Suspicious use of SendNotifyMessage (24 IoCs)
    pid   process              hits
    4760  msedge.exe           24
- Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed)
    writer pid  writer process  target pid  procid_target  hits
    4760        msedge.exe      1752        86             2
    4760        msedge.exe      432         87             repeated
    4760        msedge.exe      456         88             2
    4760        msedge.exe      2552        89             repeated
    (the remaining 60 rows all target 432 and 2552)

Note: every signature in this section is attributed to msedge.exe (PID 4760, the browser process that opened the sample), to its GPU/utility children, or to identity_helper.exe; no process outside the Edge tree is named. The pattern is consistent with a Chromium-based browser's own baseline: the browser process writes into each child it creates during sandbox setup, launches children with the block-non-Microsoft-binaries mitigation, reads SystemManufacturer and SystemProductName for its hardware-info lookup, and uses FindShellTrayWindow/SendNotifyMessage for its UI. None of these rows shows behaviour that the HTML content itself controls, so on their own they do not distinguish this sample from any page opened in Edge.
Processes
PID 4760 (level 1)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a208b056e734eae8a8db6391f6f53aa9_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  PID 1752 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc5946f8,0x7ffcfc594708,0x7ffcfc594718

  PID 432 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

  PID 456 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 2552 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8

  PID 2488 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

  PID 1080 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

  PID 4348 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1

  PID 2100 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

  PID 724 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1

  PID 1744 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8

  PID 5116 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses

  PID 1508 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

  PID 1220 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

  PID 1384 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

  PID 4888 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

  PID 4236 (level 2)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17943901898969066329,3728209128758413731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses

PID 528 (level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 4548 (level 1)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
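The WriteProcessMemory signature lists only writer and target PIDs, and whether those writes matter depends on what the targets are. The script below is an added example, not part of the sandbox report and not the sandbox vendor's code: it parses IoC rows in the report's flattened "description pid Process procid_target" shape, rebuilds the process tree from the report's nesting (parent PIDs are inferred from level 1/level 2), and classifies each target as the writer's own same-image child (the Chromium browser-process pattern seen in this run), a cross-image write, or a target absent from the tree. The process table and the first five IoC rows are transcribed from this page; the rows for targets 9001 and 9002 and the explorer.exe entry are constructed negative cases that do not appear in the report.

```python
"""Cross-check sandbox WriteProcessMemory IoCs against the reported process tree.

Added example: not part of the sandbox report.  PROCESS_TREE and the first
five IOC rows are transcribed from the report; entries marked CONSTRUCTED are
synthetic and exist only to exercise the non-benign code paths.
"""
import re
from collections import Counter
from dataclasses import dataclass

# pid -> (image basename, parent pid).  Parent is inferred from the report's
# nesting level: level-1 entries are roots, level-2 entries are children of 4760.
PROCESS_TREE = {
    4760: ("msedge.exe", None),            # browser process that opened the sample
    1752: ("msedge.exe", 4760),            # --type=crashpad-handler
    432:  ("msedge.exe", 4760),            # --type=gpu-process
    456:  ("msedge.exe", 4760),            # network.mojom.NetworkService
    2552: ("msedge.exe", 4760),            # storage.mojom.StorageService
    2488: ("msedge.exe", 4760), 1080: ("msedge.exe", 4760),   # renderers
    4348: ("msedge.exe", 4760), 2100: ("msedge.exe", 4760),
    724:  ("msedge.exe", 4760), 1508: ("msedge.exe", 4760),
    1220: ("msedge.exe", 4760), 1384: ("msedge.exe", 4760),
    4888: ("msedge.exe", 4760),
    4236: ("msedge.exe", 4760),            # second gpu-process
    1744: ("identity_helper.exe", 4760),
    5116: ("identity_helper.exe", 4760),
    528:  ("CompPkgSrv.exe", None),
    4548: ("CompPkgSrv.exe", None),
    9001: ("explorer.exe", None),          # CONSTRUCTED: stands in for an unrelated process
}

# Rows in the report's flattened form.  The report repeats rows; one row per
# distinct (writer, target) pair is enough for classification.  The rows for
# targets 9001 and 9002 are CONSTRUCTED and do not appear in the report.
IOC_ROWS = """
PID 4760 wrote to memory of 1752 4760 msedge.exe 86
PID 4760 wrote to memory of 1752 4760 msedge.exe 86
PID 4760 wrote to memory of 432 4760 msedge.exe 87
PID 4760 wrote to memory of 456 4760 msedge.exe 88
PID 4760 wrote to memory of 2552 4760 msedge.exe 89
PID 4760 wrote to memory of 9001 4760 msedge.exe 90
PID 4760 wrote to memory of 9002 4760 msedge.exe 91
"""

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


@dataclass(frozen=True)
class Write:
    writer: int
    target: int
    writer_image: str


def parse_rows(text: str) -> list[Write]:
    """Parse flattened IoC rows; reject anything that does not match the shape."""
    writes = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.fullmatch(line)
        # The writer pid appears twice in each row (description and pid column);
        # a mismatch means the row was mis-split during extraction.
        if m is None or m.group(1) != m.group(3):
            raise ValueError(f"unrecognised IoC row: {line!r}")
        writes.append(Write(int(m.group(1)), int(m.group(2)), m.group(4)))
    return writes


def classify(writes, tree):
    """Map each target pid to a verdict.

    own-child       target is a direct child running the same image as the writer
                    (what a Chromium browser process does to its own children)
    cross-image     target exists but is not the writer's same-image child
    unknown-target  target pid is not in the process tree at all
    """
    verdicts = {}
    for w in writes:
        if w.target not in tree:
            verdicts[w.target] = "unknown-target"
            continue
        image, parent = tree[w.target]
        same_image = image.lower() == w.writer_image.lower()
        verdicts[w.target] = "own-child" if parent == w.writer and same_image else "cross-image"
    return verdicts


def summarize(text=IOC_ROWS, tree=PROCESS_TREE):
    """Return {target: (row count, target image, verdict)} keyed in pid order."""
    writes = parse_rows(text)
    counts = Counter(w.target for w in writes)
    verdicts = classify(writes, tree)
    return {t: (counts[t], tree.get(t, ("<not in tree>", None))[0], verdicts[t])
            for t in sorted(counts)}


def escalations(text=IOC_ROWS, tree=PROCESS_TREE):
    """Targets that deserve a closer look: anything that is not an own-child write."""
    return sorted(t for t, (_, _, v) in summarize(text, tree).items() if v != "own-child")


if __name__ == "__main__":
    for target, (n, image, verdict) in summarize().items():
        print(f"{target:>5}  {image:<20} rows={n:<3} {verdict}")
    print("escalate:", escalations())
```

Run against the transcribed rows, the four real targets (432, 456, 1752, 2552) all come back as own-child writes from 4760, which is the result that lets an analyst close this signature out; only the two constructed rows reach the escalation list. The same parser works on any report in this flattened format, and the verdict logic is deliberately strict: a write into a same-image process that is not the writer's direct child is still reported as cross-image.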
Network
(no entries rendered on this page)

MITRE ATT&CK Enterprise v15
(mapping not rendered on this page)
Downloads
- (path not shown), 152B
  MD5:    eeaa8087eba2f63f31e599f6a7b46ef4
  SHA1:   f639519deee0766a39cfe258d2ac48e3a9d5ac03
  SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
  SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

- (path not shown), 152B
  MD5:    b9569e123772ae290f9bac07e0d31748
  SHA1:   5806ed9b301d4178a959b26d7b7ccf2c0abc6741
  SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
  SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

- (path not shown), 21KB
  MD5:    c3a1bf5fbff5530f55ad9f9fa464f25c
  SHA1:   449a621b775cbe1d3ab69c54a0e18c0ccf6d6caa
  SHA256: 4ea6b3a39d794db93d1084770cc340272f8e5ffd5cd8d0c05c1f5841e5dc13e0
  SHA512: 75aa617b33be2eabe9f67166d14939d58abdb2396b9911dc7ba612130d2ba9adfc90a3cc9b6de4dd6cf8731c90f2ca74b7f9cfaf4a9d0bcbf90d03c907e45a54

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index, 144B
  MD5:    d388ffa20fb5a8c61d42649772b0d9fb
  SHA1:   5c27c5fcd4c68b605358c386bc50c0895737d880
  SHA256: 4c094fe2b91ef797e31d38eec900088055e47f351049bba31a737246fc11545a
  SHA512: b7f4bdd0f5e3d051ee6fca9b356ab6d2ed107752ba9bd06e2310ae99010224cbd258b42686bade7caa5bf96da2904fb4b7244ca2cd492d8079e7b544f5c809ba

- (path not shown), 2KB
  MD5:    062d367bcbcbaaeef5f5915c150130c4
  SHA1:   b1343c7066b0433cdc3ae8e1ddba4060b3a06b83
  SHA256: 547fd57917f2a363ab6335e454afa212edd19904a94f69de2e7cce4d10c26d18
  SHA512: b8d3572ab927b0b4a2efd04b11c3845509a254420f324448f290c409fd471f6483f2d1ea5b490f63c1a64d9ee7c04a82cc72e8d9eb354e9f876e63625f6d3d76

- (path not shown), 6KB
  MD5:    bd79335235f035aad7874f40346a2a76
  SHA1:   2836a9cd8bfb6964d9ad7ea0d9ee72ed41ecf277
  SHA256: 3628a379a053e2b0739e85e43c0b1d6f1248239ecef2c814f0030c897af0268e
  SHA512: be3763242808837c13782ba864e7a4532a7d1b0cd1ae5223d4a464a3f575c6dd2eecdc7390535746c26fe07d7e7f621d9d0839544039e5201fbc30f60a67007c

- (path not shown), 7KB
  MD5:    9b27d3513bc41ac3a084828988e27b06
  SHA1:   2ca8f73a079426ea1a8e05f936a528a0bd01aa64
  SHA256: 7de3d3a0b44f8474ea5872f9f7ff51cafcebdcd5a0bd8991ab064f164cd8b3d3
  SHA512: d5d9e59722282bb8413e1860d788c53037e020df9369f549c706f24b3da6bf157a708e24eea19867743ef00893a054f994d009c8a89afbadbd6a044dca60385b

- (path not shown), 7KB
  MD5:    dca66e1003b2a4598ad77fbdacf8ab92
  SHA1:   bec473a53e8d464317e799d8516df33c4e8e527e
  SHA256: 3ba6a0cd962eceeaee3e1b2e8e517df0e87c53c53f6db3880e6a2a9d19aba9f8
  SHA512: 1a8f5d2989e167167b67edad06d28521aa9237405a9d4bb96580d07169d119def36789d5229d2b542637d52cf50386513a6c5ea5ba3d71302a5779ab864d4edc

- (path not shown), 16B
  MD5:    6752a1d65b201c13b62ea44016eb221f
  SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- (path not shown), 10KB
  MD5:    2df8d3b33e6f98abe4d53eb1fe96f35f
  SHA1:   7227a65b8ac1da0bb0cba08b63601b96d90143b2
  SHA256: 283014dc82ae0f6c27a4fa1b0ed42422398ebef7debcab769092f881214750cd
  SHA512: eb328793102418ad534a89bcc961e9bb18a49c51049161cfec18fa2b59b868c617f7f6d6b020e500ce81027ea9edb94a62becd495d64463f10e24c76006cb564