Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-08-2024 03:46
Static task: static1
Behavioral task: behavioral1
  Sample: c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html
Size: 54KB
MD5: c238553ba064ec5bd58bce02afa83e08
SHA1: 65560ed1745f15cf4ddfcc109fcbc5e0eb09b3fd
SHA256: 9764ba0ae0aa93efd683efdba2b47b3dc2d85784755a3d157a83972bf9709e21
SHA512: 7287f291176ed45a2c233ef3f992283c1064363e495b334a0834cf52eba6e5609425c79038d3e87853ca6f904e29255075246edd642deded2d333a2530a76b95
SSDEEP: 1536:tnNXKR4KpB3vVSnP6yr66j6Z6w676a6q6J96j6+6eEL6n676O666dPkN/J/q0SSO:tnO4KpB3vMoV/J/gSHBE
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description | ioc | process):
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (pid | process | occurrences):
  2028 | msedge.exe | 2
  3064 | msedge.exe | 2
  452 | identity_helper.exe | 2
  2436 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Processes (pid | process | occurrences):
  3064 | msedge.exe | 8

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid | process | occurrences):
  3064 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid | process | occurrences):
  3064 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description | pid | process | target process; distinct entries, 64 IoCs in total):
  PID 3064 wrote to memory of 3052 | 3064 | msedge.exe | msedge.exe
  PID 3064 wrote to memory of 4512 | 3064 | msedge.exe | msedge.exe
  PID 3064 wrote to memory of 2028 | 3064 | msedge.exe | msedge.exe
  PID 3064 wrote to memory of 5048 | 3064 | msedge.exe | msedge.exe
Processes (process tree; child processes are indented under their parent)

msedge.exe (PID 3064)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c238553ba064ec5bd58bce02afa83e08_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe (PID 3052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0a7546f8,0x7ffa0a754708,0x7ffa0a754718

  msedge.exe (PID 4512)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2

  msedge.exe (PID 2028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8

  msedge.exe (PID 4016)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

  msedge.exe (PID 4696)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1

  msedge.exe (PID 2632)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

  msedge.exe (PID 2588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

  identity_helper.exe (PID 1196)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:8

  identity_helper.exe (PID 452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3348)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

  msedge.exe (PID 4900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

  msedge.exe (PID 3392)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

  msedge.exe (PID 2652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

  msedge.exe (PID 2436)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13196600074168266457,4035981006160919703,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5640 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 3284)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 4436)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads