Analysis
- max time kernel: 145s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-08-2024 09:45
Static task: static1
Behavioral task: behavioral1
- Sample: c2be73a4f95f55f8a6f9fef206b3d64b_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: c2be73a4f95f55f8a6f9fef206b3d64b_JaffaCakes118.html
- Resource: win10v2004-20240802-en
The results on this page are from behavioral2 (win10v2004-20240802-en, the platform and resource listed under Analysis above).
General
- Target: c2be73a4f95f55f8a6f9fef206b3d64b_JaffaCakes118.html
- Size: 156KB
- MD5: c2be73a4f95f55f8a6f9fef206b3d64b
- SHA1: cdb8d47bb2bb31c3fa4182608d111e99912cc1c0
- SHA256: f3aa57e02f7cc007be102d7245d2f268a04ae186a579992a4e0cf311a984d55e
- SHA512: 7a17bf6c64899ba5477b264be4f8d9aa76568d43f81636bbeed984192bd2c2db96e9ba52076e69107c37520b161a3b6f188c929cca89d4ce35dd6d4d323c2c8d
- SSDEEP: 1536:M9tIvOBO4y6VxM5iUejbVOeyE5ZO1pSZmPe2SQyQt9I53lJdD:M9tIWxVqcUD1pSZayQt9I53lJdD
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  Note: SystemManufacturer/SystemProductName are the same two values that VM-detection routines read to spot a hypervisor vendor, which is why the signature fires. Here the reader is the Edge browser process itself, and Chromium reads this key on Windows to report the hardware model; nothing from the HTML sample is involved in the query.
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid / process: 1156 msedge.exe (x2), 3064 msedge.exe (x2), 2792 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid / process: 3064 msedge.exe (x5)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / process: 3064 msedge.exe (x25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / process: 3064 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Writer: PID 3064 msedge.exe. Targets, all msedge.exe: PID 2852, PID 4504, PID 1156, PID 1376.
  The 64 rows are repeats of these four writer/target pairs. Every write goes from the Edge browser process into a child msedge.exe that it launched itself (see the process tree below); no write targets a process of a different image. The Chromium sandbox broker in the browser process sets up each sandboxed child by writing into it, so this pattern is the browser's normal launch path rather than injection into a foreign process.
Processes
- [1] msedge.exe, PID 3064
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2be73a4f95f55f8a6f9fef206b3d64b_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - [2] msedge.exe (crashpad-handler), PID 2852
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd99e846f8,0x7ffd99e84708,0x7ffd99e84718
  - [2] msedge.exe (gpu-process), PID 4504
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - [2] msedge.exe (utility: network.mojom.NetworkService), PID 1156
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - [2] msedge.exe (utility: storage.mojom.StorageService), PID 1376
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  - [2] msedge.exe (renderer, client id 6), PID 4872
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - [2] msedge.exe (renderer, client id 5), PID 508
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - [2] msedge.exe (renderer, client id 7), PID 2824
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  - [2] msedge.exe (renderer, client id 8), PID 4252
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - [2] msedge.exe (renderer, client id 9), PID 4928
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  - [2] msedge.exe (gpu-process, second launch with --disable-gpu-sandbox and --use-gl=disabled), PID 2792
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,323184810218184703,9453841702768853707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- [1] CompPkgSrv.exe, PID 2160
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- [1] CompPkgSrv.exe, PID 628
  C:\Windows\System32\CompPkgSrv.exe -Embedding
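The two checks an analyst actually wants from the tables above are (a) whether any WriteProcessMemory event crosses from the browser into a process of a different image, which is the injection pattern, as opposed to the browser writing into its own msedge.exe children, and (b) which child launches carry sandbox-relaxing switches such as --service-sandbox-type=none or --disable-gpu-sandbox. The script below is an added example and not part of the sandbox report or of any vendor tooling. Its input is constructed for the example: five WriteProcessMemory rows copied in the report's row layout (the report repeats each many times), plus one synthetic notepad.exe row that is not in the report and exists only to exercise the cross-image check; the command lines are the report's, with the long --field-trial-handle and --gpu-preferences values dropped.

```python
import re

# Constructed input: rows in the report's WriteProcessMemory layout
# ("PID <writer> wrote to memory of <target> <writer> <writer image> <target image>").
# The first five are from the report; the 9999/notepad.exe row is SYNTHETIC and
# is here only to show what a cross-image write would look like.
WPM_IOCS = """\
PID 3064 wrote to memory of 2852 3064 msedge.exe msedge.exe
PID 3064 wrote to memory of 4504 3064 msedge.exe msedge.exe
PID 3064 wrote to memory of 4504 3064 msedge.exe msedge.exe
PID 3064 wrote to memory of 1156 3064 msedge.exe msedge.exe
PID 3064 wrote to memory of 1376 3064 msedge.exe msedge.exe
PID 3064 wrote to memory of 9999 3064 msedge.exe notepad.exe
"""

EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
# Constructed from the report's process list: pid -> command line (long values omitted).
PROCESS_CMDLINES = {
    "3064": EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\c2be73a4f95f55f8a6f9fef206b3d64b_JaffaCakes118.html",
    "2852": EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    "4504": EDGE + " --type=gpu-process --mojo-platform-channel-handle=2124 /prefetch:2",
    "1156": EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3",
    "1376": EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8",
    "2792": EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2",
}

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)$")
FLAG_RE = re.compile(r'--[\w-]+(?:=[^\s"]*)?')      # --switch or --switch=value (value stops at whitespace)
IMAGE_RE = re.compile(r'^"?([^"]+?\.exe)"?')          # the executable path at the start of a command line

# Switches that turn a Chromium child's sandbox off or down; --no-sandbox is assumed
# here as a commonly known switch and does not appear in this report.
RELAXING_FLAGS = {"--no-sandbox", "--disable-gpu-sandbox", "--service-sandbox-type=none"}


def parse_wpm(text):
    """Parse WriteProcessMemory IoC rows into dicts; skips lines that do not match."""
    rows = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            continue
        src, dst, src_again, src_img, dst_img = m.groups()
        assert src == src_again  # the pid column repeats the writer's pid
        rows.append({"src_pid": src, "dst_pid": dst, "src_image": src_img, "dst_image": dst_img})
    return rows


def build_process_table(cmdlines):
    """pid -> {image, type, flags}. The Chromium browser process carries no --type."""
    table = {}
    for pid, cmd in cmdlines.items():
        image = IMAGE_RE.match(cmd).group(1).rsplit("\\", 1)[-1]
        flags = FLAG_RE.findall(cmd)
        ptype = next((f.split("=", 1)[1] for f in flags if f.startswith("--type=")), "browser")
        table[pid] = {"image": image, "type": ptype, "flags": flags}
    return table


def classify_writes(writes, procs):
    """One verdict per (writer pid, target pid) pair; repeats collapse."""
    verdicts = {}
    for w in writes:
        key = (w["src_pid"], w["dst_pid"])
        if key in verdicts:
            continue
        if w["src_image"].lower() != w["dst_image"].lower():
            verdicts[key] = "cross-image write (injection candidate)"
        elif w["dst_pid"] in procs:
            verdicts[key] = "same-image child (%s)" % procs[w["dst_pid"]]["type"]
        else:
            verdicts[key] = "same-image write, target missing from process tree"
    return verdicts


def injection_candidates(verdicts):
    return sorted(k for k, v in verdicts.items() if v.startswith("cross-image"))


def sandbox_relaxing_flags(procs):
    """(pid, switch) for every child launched with a sandbox-relaxing switch."""
    return sorted((pid, f) for pid, info in procs.items() for f in info["flags"] if f in RELAXING_FLAGS)


if __name__ == "__main__":
    procs = build_process_table(PROCESS_CMDLINES)
    verdicts = classify_writes(parse_wpm(WPM_IOCS), procs)
    for (src, dst), v in sorted(verdicts.items()):
        print(f"{src} -> {dst}: {v}")
    print("injection candidates:", injection_candidates(verdicts))
    print("sandbox-relaxing flags:", sandbox_relaxing_flags(procs))
```

On the report's own rows the only injection candidate is the synthetic notepad.exe line; the four real targets all resolve to msedge.exe children with a --type (crashpad-handler, gpu-process, utility). The flag check surfaces the network service running with --service-sandbox-type=none and the second gpu-process launch with --disable-gpu-sandbox, both passed by Edge itself as shown in the process tree; the point of listing them is to confirm that nothing other than the browser process launched a child with those switches.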
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: f9664c896e19205022c094d725f820b6
  SHA1: f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
- Filesize: 152B
  MD5: 847d47008dbea51cb1732d54861ba9c9
  SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
- Filesize: 67KB
  MD5: b4b711f3e747704ffe02b49791ce8cac
  SHA1: ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89
  SHA256: f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1
  SHA512: b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db
- Filesize: 21KB
  MD5: c3a1bf5fbff5530f55ad9f9fa464f25c
  SHA1: 449a621b775cbe1d3ab69c54a0e18c0ccf6d6caa
  SHA256: 4ea6b3a39d794db93d1084770cc340272f8e5ffd5cd8d0c05c1f5841e5dc13e0
  SHA512: 75aa617b33be2eabe9f67166d14939d58abdb2396b9911dc7ba612130d2ba9adfc90a3cc9b6de4dd6cf8731c90f2ca74b7f9cfaf4a9d0bcbf90d03c907e45a54
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 264B
  MD5: 1887a40af4f0bcdc50d0e1d2d9599001
  SHA1: 0e81ea0e1f3c549270bce74837646b7f233042bd
  SHA256: 8b1177a5bd70e3cbb9f0d28dd52022c3f96570c4c5e626283742d15b369bc217
  SHA512: 55b6b8140335e05b2854d426e3e8c3dd8f00fdd1d5bf7e4797ca8b731c0bce48211a265902d01c28aa24abaaa6e2fee864a2817567badc93714ddddbf01b9f5d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 384B
  MD5: 7045d9a9779408b0863d0c8262880266
  SHA1: fde80fc60b6d77345891e9a8e1a6071417ce6efc
  SHA256: 250ca9672f6d7c73f15f8577462449c6fc1cf3b7d727aacdebe7da4f49a5875a
  SHA512: 7829bcccbbbae81d5f9960326b3bdd87859dcbfacbdd18e3b14a46813c3844e12f278dbf7981c16f40ad2632407e5287fa7f83ef9dc6754d996d4b86249f1ff0
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 408B
  MD5: 1622528d24358772983faea01246d090
  SHA1: 4d6b3966eb21dde7994b4e5062692f171c3efe7b
  SHA256: 9365c97e79cb143f205bc509be7410643be7097eefe29d5e905f4f52c357bff4
  SHA512: a9cd0d49440794757826f9113ac7f1fd98d986548292134f5b0ec76f59144a55de71a6cbf741a4c609035957cfa411c6e3eab4bc7e8e02b9876e3a35f581101c
- Filesize: 3KB
  MD5: 21bde408fcd6f7f8179184d7f9532027
  SHA1: 3d8957e0a53d17ce9e463c7718270fbabc8f6dfa
  SHA256: 61f039e97fe2b413664dd857f2484c4f67d9589277361c0b453a69eddd4b4884
  SHA512: 9bf7745b9a737ed622e1bcfd67fb2262e30d638da94277fcabd3b18d0dff1fa4c5213f76fa79a2c79fdcc710f3485c3fdb53c5150aa5e59ec37d7c4790fa90b8
- Filesize: 7KB
  MD5: bc32aed5dff256be76dd3945f996c693
  SHA1: f2aec75b5199db50abcedf1569d7213361bf9d2e
  SHA256: 3298f5a302722df3677d811c74206878af30b56dc31a2ce0cf80b4cfbf8b0564
  SHA512: 00c56b495ca862e7be9beeb6616b2aaef4e50345f6c28a9eba5e28c6948cc30b8b05bcc01dce94e9fdb60a5220c43045ee31d3346b2d0ce51c7809d6dc55b500
- Filesize: 6KB
  MD5: 1378638a44cd82d525e1ebd9250524da
  SHA1: cc357a63bf38c57a691b3faf6bfd760930f3185d
  SHA256: c32e7dcb2d65eccc427cfcac9c11dc0dd219d8211ed0c2a53971f37d00fc684e
  SHA512: c95d9a424a2241b757fed9bc8531c91c19a7682248de9f277a6c555a8cd182948144cfd58cc96b900c9b1d63d5ed0f2849cb9278097afcb1dd32f9a62554de04
- Filesize: 869B
  MD5: 36381f28abfef1c10b708c80f586030c
  SHA1: 697d2bd1b9a0fa65adf5b64a25c23de53d5959cf
  SHA256: d2188da648cbf665ab3094edabb12dd43db35518a8465f93fef1d675b7ecef03
  SHA512: ad8c0be0214f39e7cab00a56035521594558c094e06f2a80aa9b0931191b6d8edaf4aa435c50320b5709120aed5699a2c5bf87a3feedfaf3163173d91dd238cf
- Filesize: 370B
  MD5: 0581e76c61111bb2e95ca89be7e7163b
  SHA1: e6af8027a46f39f77bf2afd9a8943ff22fdce5ee
  SHA256: 5aeda19c86cb79521196bbad073822afe18b276a89f55587d644f6d12bd302c7
  SHA512: 6efef5f010afb932c5af9163d2d76816a402dfb43206541f228eff7a59d8f9400be68af2471a4a040aee65a195ab802b7e218208c8b3d98af06536cc0c2abaca
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ac56d401-6be1-4aef-bcf0-ad14e67bbb6b.tmp
  Filesize: 5KB
  MD5: 2ebaf8f991045e4654a0bd10a626bbcb
  SHA1: 6173815ca25a59cf216bc00a8edd44a914f858de
  SHA256: a8c3cf1545e27807e7c4583b315e0fbbfe292d183b69005590cd33fa85de046f
  SHA512: 4f6e124414f0e4f014b9d1648160b7c8c17fb4ff2abc777f00c03ce8d22e12a84fd5d3c5aef81ff1a1444f5a5ea1d09d6e495362a4fad68f043c1c8d2e0efb85
- Filesize: 10KB
  MD5: e3e031b53a6f50a0738233e06b147129
  SHA1: 5720b114775d725e0a09adf707208d37109e4160
  SHA256: df35a2628f0bef4f4389cd2b24b2d48f6b9175825c88db082c8ef8d241a7626b
  SHA512: 243c03df2aa2434cd575236dd5f3fc9fd28fa465cc5ab5592fe5f7c1508c9310432e68ff56de14a959a9e95badbc42d328d141af10787189c194661652a5546e
- Filesize: not listed
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  All four digests are those of zero-length input, so this entry is an empty file (a placeholder or truncated write), not dropped content.