Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted: 25-08-2024 11:45
Static task: static1
Behavioral task: behavioral1
  Sample: c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118.html
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118.html
Size: 156KB
MD5: c0acfb2adcf3114787e3fbbb57bdcced
SHA1: 639f417715081874783dd3c9b5e2f0ff3537a6f3
SHA256: 862f2099b67c25eabc74c3f87d5807205dc61331ef158444e947d0c09acd71cf
SHA512: ca95f8d530ab0c60bdfc6e0665fb669c7b7284f22542863dfabf378dad46c85815272a72e4d026e99fa998713dec4be0f6104f46654330625c53a8067ce4d51c
SSDEEP: 3072:sZbYuYBEbem0ILmjxihNwi2fZZUa+S94QAnWhY+TAMOHB1:sZbYucILKxUw/UV
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description          ioc                                                                    process
  Key opened           \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried    \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes: msedge.exe, msedge.exe, msedge.exe
  pid     process
  1628    msedge.exe  (2 entries)
  208     msedge.exe  (2 entries)
  3004    msedge.exe  (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  Processes: msedge.exe
  pid     process
  208     msedge.exe  (8 identical entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid     process
  208     msedge.exe  (25 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid     process
  208     msedge.exe  (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description                          pid    process      target process
  PID 208 wrote to memory of 2948      208    msedge.exe   msedge.exe
  PID 208 wrote to memory of 2552      208    msedge.exe   msedge.exe
  PID 208 wrote to memory of 1628      208    msedge.exe   msedge.exe
  PID 208 wrote to memory of 1608      208    msedge.exe   msedge.exe
  (64 entries in total; repeated rows for the same target PID are collapsed above)
Processes
- msedge.exe (PID 208)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0acfb2adcf3114787e3fbbb57bdcced_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 2948)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd70fd46f8,0x7ffd70fd4708,0x7ffd70fd4718
  - msedge.exe (PID 2552)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  - msedge.exe (PID 1628)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1608)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  - msedge.exe (PID 1432)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - msedge.exe (PID 1852)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  - msedge.exe (PID 4556)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  - msedge.exe (PID 632)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  - msedge.exe (PID 1976)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  - msedge.exe (PID 4864)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  - msedge.exe (PID 2764)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  - msedge.exe (PID 1656)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  - msedge.exe (PID 3004)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5093626326896528013,12648487180023313388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1268 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 400)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 5044)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 2816)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: eeaa8087eba2f63f31e599f6a7b46ef4
  SHA1: f639519deee0766a39cfe258d2ac48e3a9d5ac03
  SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
  SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c
- Filesize: 152B
  MD5: b9569e123772ae290f9bac07e0d31748
  SHA1: 5806ed9b301d4178a959b26d7b7ccf2c0abc6741
  SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
  SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 264B
  MD5: 2533b9874438575993e33ceaab96ad2a
  SHA1: 53a8575973e9e3010434934c9fb01ec09a13e4b2
  SHA256: ad4cb969350024b532729bb2337558c7b57824bc4239abde65b186a54d4824ac
  SHA512: e36fa11fa9c526d86278990a87c5236de06c714b051f3aadee26d20a9d7162cda4685a4b74c82e8204875b8c848db176c0bff76b0bb3a4c79d4bb3927d61e11e
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 5KB
  MD5: fbf5b50e15b19c8229452d1caf434e71
  SHA1: 006ee50ad6ede488d6ae58ed00805bd2b578ae4c
  SHA256: 91a7fe2060545b6e74e92d5b43cc732d649f0b151b48c94b0eb249874d3c8ee3
  SHA512: 251afc40f21cdbb0092135d8307a1c6b5fca5acc04e5bed7f235ccdc9ffc7dcd0c444d78dd466e1807b6f12977e3f6125438e05fee6678f9f25cf699f677f9f7
- Filesize: 5KB
  MD5: dd40ce324c113334dfe74fd3e604b931
  SHA1: e1266e8813ca79e8d97114cc360a8c644f4ddda9
  SHA256: 8aaedb944edc9459fafa8ab5f93905c9033ae8323e76a33079a32def1d0060d0
  SHA512: 71e7145a10932894b965d7be83ce53fd1fe4e01df8570c61a345c977a22de1205c2e9e83a71f5a98ed2f9c94511817155a3cc002053339f67ef12dc6481e52e1
- Filesize: 5KB
  MD5: b3c8e75896091bdc44955e67ea67698a
  SHA1: 07797d3556b8081518d1d264725ee30e7fac518f
  SHA256: f27c75ece35097c56c83752924aa3b2036180be7c0ae6f2940c87cc6c8872d8d
  SHA512: 4c5d86a4e609718c8f924addf252662c65b7d0946ccc9bc12b356904c834b7901c2a4fbf9a92553116d5b9c3c86413fb27ab95fd053e1b03187c867277d4061f
- Filesize: 9KB
  MD5: c0e7e7d1f56a51ffb59c3dd90a401342
  SHA1: db93f3c05b43e90fd91052a8b20bcaf6436f3636
  SHA256: 07a4bd88289883fc8f270e7aa2441f315439cb40e28a5356014a76b8e87df2f5
  SHA512: d71eff3a387d299ddb61561461694a86c3c600c1559d60ab402c2c85677161dd02d0df8f9c6406977ff0158ba9984c6c0967c69f5f64ecd952c6090f850a602b
- Filesize: 8KB
  MD5: 93fa5988ae277a4dcae78a3f4745bc11
  SHA1: d6dcb79facf0475f428a0b72a6176d3dc14da776
  SHA256: 1061d58b2cf3550d71132746d0e964f5c510020799b730c3f6ef4c5cd2cd80bf
  SHA512: 04ad8c28aad26b6c43547cfad37ee252b8b0e3408b7b2eaf013a3f7a98c512303f796516ed04a80f12fde9216d2dd3f22f2d93fa293934b13aab78d2fa9fcffb
- Filesize: 1KB
  MD5: c9d49436ac45a913ac3e6f30a1b41508
  SHA1: 24be9fbdbb2f3fc1af5d4c906774a2ae42253a6e
  SHA256: d218a32ec094267d852da09b19bf732b5a336441a9afcd44962044b94ff70a9c
  SHA512: 1ab541f537c131a99efe9629aba9f5cbb201cff61c1d9bef8e83c699d75c6182ee7a0d035b780b2be5cf7291db89f54613618ad440cc1e9053d7e94ee9f946c2
- Filesize: 705B
  MD5: d879e3478d34927f0137dbd6b84af86d
  SHA1: cc640612396ffdb2acb35b94789f6693297d5921
  SHA256: 61a9bcf88521c182393c7bc2981b26cd20b84d94a6eac2e26fd973e108045ab4
  SHA512: 4aca628e7eacd56632b7a31f69a144d7ccdc407d4bf1f0ebb2e401e42148a52ddc1bbe6b1a03d4cfaf440434c0a95a57e2d57696bb8fa4388659b396e487145b
- Filesize: 10KB
  MD5: 86af7aed07b1955b661c921ffdaa9d5a
  SHA1: d0f52c911c76cdf7bcdf0f726890174ff30fb61f
  SHA256: cec1871f3267f21d8649a80f134e99ff547ba2799e5a0b7d5c5926ec9a708c9d
  SHA512: a8f55812ba1ef3103072a9961b07fbe42b5bbf69e46db0524a17c5cc2feb5426f3d8a1fa8f977da6b34c929f847467be9dee0667ce950bc64cc8f161756e09a2
- MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e