Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/08/2024, 10:09
Static task: static1
Behavioral task: behavioral1
- Sample: c081cf534eaa62eb1bb7a2e5037ecb43_JaffaCakes118.html
- Resource: win7-20240729-en
Behavioral task: behavioral2
- Sample: c081cf534eaa62eb1bb7a2e5037ecb43_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: c081cf534eaa62eb1bb7a2e5037ecb43_JaffaCakes118.html
- Size: 27KB
- MD5: c081cf534eaa62eb1bb7a2e5037ecb43
- SHA1: 740ecba31cb019b56beceee2e651797c3849a659
- SHA256: cbe878e6ae5081568759f4343833183acbd39f91dddb3259a1c24c15acb8b35e
- SHA512: 5060806352e5f9318d14ea6d1cd8dc776e135c36f4f211d041a6fbfdeaafbe8175eeb2c38b4ee3724d98b43d4e89cdb5faad4046d8577bdee5ce11089024b601
- SSDEEP: 192:uwHwb5nW2nQjxn5Q/dnQieINnDnQOkEntr7nQTbnxnQ9e6wm6up4OQl7MBoqnYnd:HQ/x7ow4pSidp
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                      Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                       msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName     msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4072  msedge.exe
  4072  msedge.exe
  1124  msedge.exe
  1124  msedge.exe
  3480  identity_helper.exe
  3480  identity_helper.exe
  3444  msedge.exe
  3444  msedge.exe
  3444  msedge.exe
  3444  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  1124  msedge.exe
  1124  msedge.exe
  1124  msedge.exe
  1124  msedge.exe
  1124  msedge.exe
  1124  msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs, all pid 1124 msedge.exe)
- Suspicious use of SendNotifyMessage (24 IoCs, all pid 1124 msedge.exe)
- Suspicious use of WriteProcessMemory (64 IoCs, source pid 1124 msedge.exe)
Processes
- msedge.exe (PID 1124)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c081cf534eaa62eb1bb7a2e5037ecb43_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    - msedge.exe (PID 3900)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718
    - msedge.exe (PID 1408)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    - msedge.exe (PID 4072)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    - msedge.exe (PID 3964)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
    - msedge.exe (PID 3436)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    - msedge.exe (PID 2932)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    - identity_helper.exe (PID 920)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 /prefetch:8
    - identity_helper.exe (PID 3480)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    - msedge.exe (PID 4552)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
    - msedge.exe (PID 2148)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
    - msedge.exe (PID 4960)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
    - msedge.exe (PID 2316)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
    - msedge.exe (PID 3444)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6082587188347387485,1591756978123377326,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 3880)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 1480)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads