Analysis
- max time kernel: 145s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-08-2024 04:15
Static task: static1
Behavioral task: behavioral1
- Sample: c243b4d5feefdb9984078eba0ee76861_JaffaCakes118.html
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: c243b4d5feefdb9984078eba0ee76861_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: c243b4d5feefdb9984078eba0ee76861_JaffaCakes118.html
- Size: 52KB
- MD5: c243b4d5feefdb9984078eba0ee76861
- SHA1: 5d09fb6600ce3e7f8b31f74ec27292dbdb15eaae
- SHA256: 427e42fc4d2f94c4a850dddd629aa054a7f747bd34d8743dd7095d6417c758f5
- SHA512: 818018afb2c34547c03a92f8bfcfce399f75f04eba090eb3acead8bd7ad618adfeed8d6616e213badff8d438ac11df362c80461b7c2369842e3a7ca1062e2a6b
- SSDEEP: 1536:Qw5mQC0WaYmWrJ6BHtG4/PBq82w67iY1taR:h9WalWrJ6BHtG4/PBq8fKiY1taR
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description / ioc / process:
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid / process:
  - 3916 msedge.exe (2 entries)
  - 4888 msedge.exe (2 entries)
  - 2972 identity_helper.exe (2 entries)
  - 4808 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  Processes: msedge.exe
  pid / process: 4888 msedge.exe (all 7 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
  pid / process: 4888 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
  pid / process: 4888 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description / pid / process / target process:
  - PID 4888 (msedge.exe) wrote to memory of PID 2956 (msedge.exe)
  - PID 4888 (msedge.exe) wrote to memory of PID 756 (msedge.exe)
  - PID 4888 (msedge.exe) wrote to memory of PID 3916 (msedge.exe)
  - PID 4888 (msedge.exe) wrote to memory of PID 2112 (msedge.exe)
  Each source/target pair above appears repeatedly in the report; 64 entries in total.
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4888, level 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c243b4d5feefdb9984078eba0ee76861_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes (level 2):
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9ab746f8,0x7fff9ab74708,0x7fff9ab74718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 756)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3916)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4976)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4920)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4456)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1136)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2972)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4740)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1920)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1956)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4808)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14899980573393848509,16617731726449255980,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5596 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 1704, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3616, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 111c361619c017b5d09a13a56938bd54
  SHA1: e02b363a8ceb95751623f25025a9299a2c931e07
  SHA256: d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc
  SHA512: fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2
- Filesize: 152B
  MD5: 983cbc1f706a155d63496ebc4d66515e
  SHA1: 223d0071718b80cad9239e58c5e8e64df6e2a2fe
  SHA256: cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c
  SHA512: d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: 8968b9bfd4f9efb7b784ecd108bd6091
  SHA1: 8d9f78b5b57a71c51a6051edddf5dedffc34bd3f
  SHA256: 913bd8fae64e48adabfd4baefe8f41272c0ad022ea86ed18d09c8b14c97d58e9
  SHA512: d274d6a0b4e7df8e236f77386268530b52b900d53ba7229984127c60999d0bffec5a16c2f66976a6e3ae3718ab068c667a0ddf8cd8e0da54d2b3f6a7a955a91b
- Filesize: 1KB
  MD5: 6b1e7132ebb022574196e536860aff7c
  SHA1: 00d1c5d39c5d6f4fe7c0a208f8dd248ef09a72e1
  SHA256: 0c2f1d7ade3ee5f131e2b7edb8837d1a738cce6dd91a7906d054694793af2685
  SHA512: 1fe2c3160c0059e5ed557d65bd19e48e392a240f5aa88d90bd27e515bae126303e5c560395323900d62d76110e6f7d3b0419e9bef2dafb3583783dc3c80c3701
- Filesize: 7KB
  MD5: da29d1e4fc992ff94bd6c08b953f4ddb
  SHA1: 1f531886bc078656fd0174b9de052cf5ab856b11
  SHA256: f7fee9223572c0f1c3bde5c9a2fcebedb89aa4d59008ff3e0ddd0b8682684d6c
  SHA512: e7808287153739977dd3a1e05026d1b0ec748450a09cb684c7fd7972ffc95643df4f8a4cb85f54b6728ec032d59fec2d21ce77843829e6f593bcae4d6cd6cce2
- Filesize: 5KB
  MD5: ab7ac5a5e65ff86e1e78bb6189b6364a
  SHA1: feceb39c1b30ff6c47ae5969c3401925f0ae01bb
  SHA256: a2dde17d93d60b44a42269c1007970fa43370a877de67ab81553f86d71493a5f
  SHA512: 9b616f668ff2d3654c84f92a62997930e1d2c59df280d70e6b7b2b1aa7f38cb96425a8c30c3ee4013d06a3e7bb309b7015ee454bd9fe60398c90047257d60436
- Filesize: 7KB
  MD5: cc863248bd9658a91c12e3564cc72a8f
  SHA1: d684d6fb99814cac2bca867957e348b237ad10d6
  SHA256: 9176d79b8bc2f7ec6dddd4708a79f3eba88e4d6299552073eba04e183d037579
  SHA512: f71d5ce03dc2915e86bd6d49e0a3b7e040f37666a3739e89917395fffa17d03ba062d4828a7c126ff5b97ca0bb97256887fb3e04d392e702a10c1763725f7fab
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: e78be8c94c88dfe92c40eebe42ba258c
  SHA1: e09ea224c8f44cd56d71625af8bafe8bd0191372
  SHA256: 8bcbe602e5912ece80d7f57577a917491258ac87332463abd7cac76064a4f093
  SHA512: 906761aa17f50d358ba3eb65be6d946ecaa7eec207b57a3457dfd0cfec6b63bed2d6dfb436cfcca9029b3434eb52e9fab6a956e18757a0e389e5ebe220be8f3c
- MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e