Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-08-2024 06:31

Static task: static1

Behavioral task: behavioral1
- Sample: c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html
- Resource: win7-20240705-en

Behavioral task: behavioral2
- Sample: c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html
- Size: 234KB
- MD5: c2754a5595fd4a06b31b1046d53b8178
- SHA1: 2fd27dc8bdf0f96090de29215b5cdaa4a773be96
- SHA256: 53ea0191165d701c3923665f5cc263132995a332184608a50a327cc23639da0c
- SHA512: 3950d21d9b8d2d23851366867d282d81d63dbe41eff5cc7dafc69447ec5ac9dbfe2d30ed75d81db0c8ce846895a3fc0145135b79ba84c61cb8c2b39ee4e4993b
- SSDEEP: 6144:w+RELVzhXkA3d8VZQvzwV2lms5JBpknvjXGXgcHHvByKQx:zRELVzhXkAN8VZQLfh5JBpknvjXGXgcC
Signatures

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process     Description        IoC
  msedge.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName

- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  PID   Process     Entries
  1404  msedge.exe  2
  2576  msedge.exe  2
  2516  msedge.exe  4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  PID   Process     Entries
  2576  msedge.exe  6

- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID   Process     Entries
  2576  msedge.exe  25

- Suspicious use of SendNotifyMessage (24 IoCs)
  PID   Process     Entries
  2576  msedge.exe  24

- Suspicious use of WriteProcessMemory (64 IoCs; each write is a separate entry in the report, distinct source/target pairs are listed once here)
  Description         PID   Process     Target PID  Target process
  wrote to memory of  2576  msedge.exe  4796        msedge.exe
  wrote to memory of  2576  msedge.exe  1232        msedge.exe
  wrote to memory of  2576  msedge.exe  1404        msedge.exe
  wrote to memory of  2576  msedge.exe  2912        msedge.exe
Processes (process tree; indented entries are children of the process above them)

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2754a5595fd4a06b31b1046d53b8178_JaffaCakes118.html
  PID: 2576
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92ff946f8,0x7ff92ff94708,0x7ff92ff94718
    PID: 4796

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    PID: 1232

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    PID: 1404
    Signatures: Suspicious behavior: EnumeratesProcesses

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    PID: 2912

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
    PID: 2340

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
    PID: 2296

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
    PID: 2068

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    PID: 3612

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
    PID: 2484

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
    PID: 2020

  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,3502574561682926619,3195234853228933193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
    PID: 2516
    Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4836

- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3636
Downloads