Analysis
- max time kernel: 145s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/08/2024, 03:42
Static task: static1
Behavioral task: behavioral1
- Sample: bfef0a98adaaafb0aa40a8f345ac5e6c_JaffaCakes118.html
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: bfef0a98adaaafb0aa40a8f345ac5e6c_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: bfef0a98adaaafb0aa40a8f345ac5e6c_JaffaCakes118.html
- Size: 57KB
- MD5: bfef0a98adaaafb0aa40a8f345ac5e6c
- SHA1: 353cb1ea3a337d9ef261d4158b3053fd6b99be1e
- SHA256: 0def02c1945e86de10f889d1e5240e33a6d8fc82bcc0c979a4c2ffc19d0ba102
- SHA512: 9aaabb9ef3e94474648586c1c6c8fa4052ecd6248ffcf1d7b56a9a4718792a3c36618f0aae5a6684e037bdcf09b1ec417254f0bb5585543d715893eed77f32dc
- SSDEEP: 768:vgOriWNcaSoBgGTe1g+N/BE4BvRCs4CW85dNbuP5V2YP:waZe1BXEcRChl85bbuP5P
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process
  1668 | msedge.exe (2 entries)
  2144 | msedge.exe (2 entries)
  4376 | identity_helper.exe (2 entries)
  2660 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  2144 | msedge.exe (7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2144 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2144 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2144 wrote to memory of 3504 | 2144 | msedge.exe | 86 (2 entries)
  PID 2144 wrote to memory of 1536 | 2144 | msedge.exe | 87 (40 entries)
  PID 2144 wrote to memory of 1668 | 2144 | msedge.exe | 88 (2 entries)
  PID 2144 wrote to memory of 3164 | 2144 | msedge.exe | 89 (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bfef0a98adaaafb0aa40a8f345ac5e6c_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2144
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc07546f8,0x7ffcc0754708,0x7ffcc0754718
    PID: 3504
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
    PID: 1536
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 1668
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
    PID: 3164
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    PID: 3864
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 5024
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
    PID: 3012
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
    PID: 5072
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6120 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 4376
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    PID: 1080
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    PID: 2468
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
    PID: 4700
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    PID: 2156
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,1164736306165967668,3040791092842216274,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 2660
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2260
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 5036
Network
MITRE ATT&CK Enterprise v15
Downloads
- (unnamed)
  Filesize: 152B
  MD5: 111c361619c017b5d09a13a56938bd54
  SHA1: e02b363a8ceb95751623f25025a9299a2c931e07
  SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
  SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
- (unnamed)
  Filesize: 152B
  MD5: 983cbc1f706a155d63496ebc4d66515e
  SHA1: 223d0071718b80cad9239e58c5e8e64df6e2a2fe
  SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
  SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2b6f7033-9761-464d-b213-e6c7dc172634.tmp
  Filesize: 1KB
  MD5: c0378b28ab8c1c9bc50aadb27795649d
  SHA1: dd9ca986855f91d11c8ae98658cbf1e79d5bda94
  SHA256: 5596aa7f15998ad6379fc0ae23293734e379d5a82ad453925887bf50781b127a
  SHA512: 3564d80dd1f3c4b6ee231d21d6b2502e85c7e77f87dcd513a6fd28d2af5e2e81db37c09d99849411d64938db8b6706f1574f34ccf0949949fc4699e0b2d889be
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: 97c4dae4933cc23bf33cf9a1d072586e
  SHA1: fbb7f18afa34dbd0b973d6bf69adfc423789c723
  SHA256: 9299213746be1ca06d7408f972e7ec0b9ff71c9b527e0d8b990ac8c7877f4dd9
  SHA512: 94ba1bbf9dba445a9d48ca55bf7a1d610ac5ae1abf532dbcf99108815a00c31b0dc2fe15302b6205d6d767e89830d3964091699a277b73ebe050020e36e3b089
- (unnamed)
  Filesize: 5KB
  MD5: 24e52a397fe5663678c89b5881978d57
  SHA1: 0c78450c8cf6209cc606dee71e1ebda5170ef605
  SHA256: eb5c40be49265ce55eb4e9b1eef1eb119ef03a9b08d2e200c55b8a61c5db98be
  SHA512: 158a70244a5d1a28ac3fcec5cf2082d8632a13916c27645e46407200c61ba7b0555b80a56f253959fa344ae67c81a103e672e253d2962e6defc91bf5afda0556
- (unnamed)
  Filesize: 6KB
  MD5: 0add27d31819f9c501f2a86490658f61
  SHA1: 3f4d444834385428c16fd8439d262a63323ac28b
  SHA256: 774f27dafb451716816a663bf3ae80f9e41a9174ef54f493a16797c05fbf16c2
  SHA512: 92671c79bf3f904a331666e22be0fe0485539c2718d0492469dfc3c80840ee5516d4266ebf8e05278c403ec8dea2ab5f02583aa1706e9dd60d22f9c8159f84b3
- (unnamed)
  Filesize: 6KB
  MD5: 67107c2769cb0ed252c3120b5994bd59
  SHA1: 159433fdbda7a6932d0e6e21b76a5e5ca6db7b21
  SHA256: 81c9a0692d158db04af9cd95d5db7fe408550de98b9f5152d2cee6c2b2f677eb
  SHA512: 38751a829aa5d86f157e4a66d6c08f640139117548f57c6f1ba1204d3fa66c406cbdb8d3ca5ac58e4e39e5b34c887dc006a6a72b9a35f7ebb05aea5ee156b1d1
- (unnamed)
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- (unnamed)
  Filesize: 10KB
  MD5: fe4f88f48c2a692e643e49cc6221cf5e
  SHA1: 486fb9f1e39d37786b2e0fe1073fe111a8e037e0
  SHA256: 58264eb7e22faaac2a622cb4b36fa245e473144ec37fc001e8ee09de30fe6d4f
  SHA512: e9c9d6ad70700160bf3940d5dc1aa722f8af7a177e6612aa61519bbc4bdbc5fd9ca7e29f2013e36d0bd237a404c585c00be70d2aa5d35e1d4547248f8af29d43