Analysis

max time kernel: 145s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/08/2024, 10:09
Static task: static1

Behavioral task: behavioral1
  Sample: c081fc94b01513a7c47e32fa98f8dc44_JaffaCakes118.html
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: c081fc94b01513a7c47e32fa98f8dc44_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General

Target: c081fc94b01513a7c47e32fa98f8dc44_JaffaCakes118.html
Size: 89KB
MD5: c081fc94b01513a7c47e32fa98f8dc44
SHA1: 73d9fae8df4bf1d8d92ce5494c889e6e9dabbbc0
SHA256: 7e0451bd96733e48c3b9a2582f494b26aac8b79f7c692488ccf9cd60f449377a
SHA512: b3b79f5322b3d6839fa436f799c495b0777c129d5f513aee45d9652c332a2ce33f2fdd26994874b99c5fed363c39e8eb53604c698943bf7ecc318b53636e0a4c
SSDEEP: 1536:meaPxBub1z8nV5/AGRZlTKR56urFSC/YH01O1GyK/q2pz:mvPxBub1DGRXTKf1+H01ONKy2pz
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description          ioc                                                                    Process
  Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process
  3592   msedge.exe            (2 rows)
  1900   msedge.exe            (2 rows)
  1940   identity_helper.exe   (2 rows)
  3044   msedge.exe            (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid    Process
  1900   msedge.exe            (10 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process
  1900   msedge.exe            (25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process
  1900   msedge.exe            (24 rows)

Suspicious use of WriteProcessMemory (64 IoCs; the report lists one row per write, identical rows collapsed here)
  description                        pid    Process      procid_target
  PID 1900 wrote to memory of 4584   1900   msedge.exe   84   (2 rows)
  PID 1900 wrote to memory of 740    1900   msedge.exe   85   (repeated rows)
  PID 1900 wrote to memory of 3592   1900   msedge.exe   86   (2 rows)
  PID 1900 wrote to memory of 3640   1900   msedge.exe   87   (repeated rows)
Processes

msedge.exe (PID 1900)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c081fc94b01513a7c47e32fa98f8dc44_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 4584, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a7546f8,0x7ffa0a754708,0x7ffa0a754718

  msedge.exe (PID 740, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

  msedge.exe (PID 3592, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3640, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

  msedge.exe (PID 2328, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

  msedge.exe (PID 2316, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1

  msedge.exe (PID 1872, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1

  msedge.exe (PID 2484, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

  msedge.exe (PID 1736, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1

  msedge.exe (PID 1824, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

  identity_helper.exe (PID 884, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8

  identity_helper.exe (PID 1940, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3772, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

  msedge.exe (PID 3520, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

  msedge.exe (PID 1376, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

  msedge.exe (PID 5024, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

  msedge.exe (PID 3044, child of 1900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,312279900991202723,15031421505323700218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5016 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 1532)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 2788)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: f9664c896e19205022c094d725f820b6
SHA1: f8f1baf648df755ba64b412d512446baf88c0184
SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Filesize: 152B
MD5: 847d47008dbea51cb1732d54861ba9c9
SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 96B
MD5: f81292fa389eb0a83b674b53f69a58cd
SHA1: 84db0d82d2fdb0b6e7de8efbb135a1d48313da2c
SHA256: 861fe3f260329c28eb2f7cd133c415f3d5b9dbfc3bce7713f30947d42ec26d38
SHA512: 80ff6c0a60da6722be715ef1086756efd8957481e01caad5a64d1a45b2b52a6b45dc80202aaebef7bfbfcb7df042a609b92bdcd0618dbc1eba24e280ddda318e

Filesize: 1KB
MD5: a8ec6073db7bf3aeb868587b69376436
SHA1: e1d236834c00d0aefa63ab90dbd38f094b3cd546
SHA256: 298a044eaf9eaaf2c3a0b793e97b9ab2d09e150a2109b580129c7adf17abd55d
SHA512: fd4ae40195228691b9bd21bc699031f5cc4555d2c3d49fb78e5ad93f0f4c20538a67d53433026959cfea92706392a1d46acdabbbb7c5e0a939a7653997ede429

Filesize: 5KB
MD5: d572016d36066a73ce41e51a3ffc9496
SHA1: 4e5d2579161c78a661d54ce36be1641dc40292fb
SHA256: 521ff1222394d600de03c38e867f90f9338c09364660ecb23bc68298c2cd39b1
SHA512: 42d8fb6ab43c5342d999c244a4db48182a83a2d714b3a217f614c60b66869bdcf48fc0d6c2bcf80459e5fe27cf099ae34c5bca26cefdbfe223f04ea64ccdaa71

Filesize: 6KB
MD5: d8b4f311ce42c0c8cd39abd2b47ee50c
SHA1: de564b3fe3da13727b43ace6357619ffa4d2c45f
SHA256: 48d2abc0693be70a2c4995b2dfbf1d38214cbd49af7df0f85a729bda7b7e403a
SHA512: b761ddd506201cb33b20ab44b1897949df62a77fbbcee535d9b85b3807567256c43bb3b3d221ad4807ff0ac6e17709ff4c624abc8a778ef16e2534c4d04f001f

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 399d3cf9f73824437c73df0da3463c6e
SHA1: d26db95e81c8e405bad7369b4763a05ebcf1d404
SHA256: 84dca4a5b4f0638d97f2283475411c42f35b414e0391ac33656204d80dc2929e
SHA512: af08452942683513149a96bb5b26599b107739499ef0ef07d49123f5e6798203924bd211bb03f9e3c38f01463ba15f425034cd5db06c66d3b7d99f94ee3be691