Analysis

max time kernel: 145s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-08-2024 10:59

Static task: static1
Behavioral task: behavioral1
  Sample: c2da12cde9f368daa6d786e2b6b4b117_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: c2da12cde9f368daa6d786e2b6b4b117_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General

Target: c2da12cde9f368daa6d786e2b6b4b117_JaffaCakes118.html
Size: 97KB
MD5: c2da12cde9f368daa6d786e2b6b4b117
SHA1: 1fc26386b67b76d756d81322cda1358c2cc48ea7
SHA256: 63d399a3ba797f510c6be0721253955d8d22182da4af41740f8f9bc4a4306104
SHA512: 465f956e7703be31c91aa5cc297028a2a7bba66d1577896b65fbebd153588ca381135e62973008cf87c6872a26f4a03ccf583b32f5aa2f5cab95caa9ff357709
SSDEEP: 768:VOeMtt/j2iA1tdw+MOQfV269Cz4ZcN/ha+oVsHXo2H29cXx:VoCheOQn9/SN/ha+oVoo2Tx
Malware Config
Signatures

Every IoC below is attributed to msedge.exe or its identity_helper.exe child; the two CompPkgSrv.exe instances in the process list trigger no signature.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description / ioc / process):
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid / process):
    1096  msedge.exe           (2 entries)
    1848  msedge.exe           (2 entries)
    2180  identity_helper.exe  (2 entries)
    1712  msedge.exe           (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  Processes (pid / process):
    1848  msedge.exe  (7 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid / process):
    1848  msedge.exe  (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid / process):
    1848  msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description / pid / process / target process), 64 entries, all from the browser process PID 1848 into PIDs that appear below as its own msedge.exe children:
    PID 1848 wrote to memory of 448   1848  msedge.exe  msedge.exe  (2 entries)
    PID 1848 wrote to memory of 1732  1848  msedge.exe  msedge.exe  (repeated)
    PID 1848 wrote to memory of 1096  1848  msedge.exe  msedge.exe  (2 entries)
    PID 1848 wrote to memory of 3028  1848  msedge.exe  msedge.exe  (repeated)
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1848)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2da12cde9f368daa6d786e2b6b4b117_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 448), crashpad handler
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1a4646f8,0x7ffc1a464708,0x7ffc1a464718
  - msedge.exe (PID 1732), GPU process
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  - msedge.exe (PID 1096), network service utility
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3028), storage service utility
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  - msedge.exe (PID 4436), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - msedge.exe (PID 3356), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  - msedge.exe (PID 1432), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3040)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2180)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4296), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  - msedge.exe (PID 3828), renderer (instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  - msedge.exe (PID 4548), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  - msedge.exe (PID 1056), renderer (instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  - msedge.exe (PID 1712), GPU process (GPU sandbox disabled, software GL)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3172539435819304469,17633055144168344188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5480 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2136)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 808)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
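The WriteProcessMemory signature above fires 64 times, yet every row is the browser process writing into a child it spawned, which is how a Chromium-based browser's broker hands startup data to its sandboxed children. The script below is an added example, not part of the sandbox report or of any vendor tooling: it parses the report's flattened "wrote to memory of" rows, folds the repeats, and checks each write against the process tree so that only writes into a process the writer did not spawn are surfaced. The process tree is transcribed from the Processes section with parent PIDs inferred from its nesting (an assumption; the report prints no PPID column), and the final IoC row targeting CompPkgSrv.exe is constructed to show what a cross-process write would look like; it does not occur in the report.

```python
"""Added example: cross-check 'wrote to memory of' IoCs against the process tree."""
import re
from collections import Counter

# Process tree transcribed from the report: pid -> (image, parent pid).
# Parent pids are an assumption derived from the nesting shown in the
# Processes section; the two CompPkgSrv.exe instances are top-level there.
PROCESS_TREE = {
    1848: ("msedge.exe", None),
    448: ("msedge.exe", 1848),
    1732: ("msedge.exe", 1848),
    1096: ("msedge.exe", 1848),
    3028: ("msedge.exe", 1848),
    4436: ("msedge.exe", 1848),
    3356: ("msedge.exe", 1848),
    1432: ("msedge.exe", 1848),
    3040: ("identity_helper.exe", 1848),
    2180: ("identity_helper.exe", 1848),
    4296: ("msedge.exe", 1848),
    3828: ("msedge.exe", 1848),
    4548: ("msedge.exe", 1848),
    1056: ("msedge.exe", 1848),
    1712: ("msedge.exe", 1848),
    2136: ("CompPkgSrv.exe", None),
    808: ("CompPkgSrv.exe", None),
}

# Constructed input in the flattened layout the report uses:
# "<description> <pid> <process> <target process>" rows run together.
# The first five rows are taken from the report (448 appears twice there);
# the last row is invented to show a write into a process 1848 did not spawn.
IOC_TEXT = (
    "PID 1848 wrote to memory of 448 1848 msedge.exe msedge.exe "
    "PID 1848 wrote to memory of 448 1848 msedge.exe msedge.exe "
    "PID 1848 wrote to memory of 1732 1848 msedge.exe msedge.exe "
    "PID 1848 wrote to memory of 1096 1848 msedge.exe msedge.exe "
    "PID 1848 wrote to memory of 3028 1848 msedge.exe msedge.exe "
    "PID 1848 wrote to memory of 2136 1848 msedge.exe CompPkgSrv.exe "
)

IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<src_img>\S+) (?P<dst_img>\S+)"
)


def parse_writes(text):
    """Return one (src_pid, dst_pid, src_image, dst_image) tuple per IoC row."""
    rows = []
    for m in IOC_RE.finditer(text):
        # The PID inside the description and the 'pid' column must agree;
        # a mismatch means extraction mangled the row, so refuse to guess.
        if m["src"] != m["pid"]:
            raise ValueError(f"inconsistent row: {m.group(0)!r}")
        rows.append((int(m["src"]), int(m["dst"]), m["src_img"], m["dst_img"]))
    return rows


def collapse(rows):
    """Fold the repeated rows into (src, dst, src_image, dst_image) -> count."""
    return Counter(rows)


def classify(src, dst, tree):
    """'parent-to-child' when src spawned dst, otherwise 'cross-process'."""
    _, dst_parent = tree.get(dst, ("?", None))
    return "parent-to-child" if dst_parent == src else "cross-process"


def triage(text, tree):
    """Count verdicts and list the writes that are not broker-to-own-child."""
    verdicts = Counter()
    flagged = []
    for (src, dst, src_img, dst_img), n in collapse(parse_writes(text)).items():
        verdict = classify(src, dst, tree)
        verdicts[verdict] += n
        if verdict == "cross-process":
            flagged.append((src, src_img, dst, dst_img, n))
    return verdicts, flagged


if __name__ == "__main__":
    counts, hits = triage(IOC_TEXT, PROCESS_TREE)
    print(dict(counts))  # {'parent-to-child': 5, 'cross-process': 1}
    for src, src_img, dst, dst_img, n in hits:
        print(f"{src} ({src_img}) -> {dst} ({dst_img}) x{n}")
```

Run against the real report rows only, the script reports every write as parent-to-child and flags nothing, which is the reading the process tree supports; the parent-PID mapping is the one input worth verifying against the sandbox's own process view before trusting that result, since a process whose parent was mis-inferred would be flagged or cleared wrongly.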
Network
MITRE ATT&CK Enterprise v15
Downloads

- (path not recorded)
  Filesize: 152B
  MD5: d7114a6cd851f9bf56cf771c37d664a2
  SHA1: 769c5d04fd83e583f15ab1ef659de8f883ecab8a
  SHA256: d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e
  SHA512: 33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8
- (path not recorded)
  Filesize: 152B
  MD5: 719923124ee00fb57378e0ebcbe894f7
  SHA1: cc356a7d27b8b27dc33f21bd4990f286ee13a9f9
  SHA256: aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808
  SHA512: a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a1981ab-6f6a-4642-b7bb-529564b09844.tmp
  Filesize: 6KB
  MD5: cc2efd4d53bc216557e30c5ae57098ae
  SHA1: b7c6c2a39b4aa8ad35c095eff50d56f1f30f1fe2
  SHA256: 3123123a24a3cbadb486552546b29781dd03067c84464f0f7efeae9da93a8819
  SHA512: 138419419da7d0ed507fdf3c718df89b4e6657da66d5f6e009cba20ebeaf7fa6a2e43752c21121a34d8a16e0ef7162f3e9d9d6746e292b5aa80da73dec6f9940
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: 407a53ed680677de8138267b1e661551
  SHA1: b5723eeab986785f5c7994b44907cdede2884231
  SHA256: baa4fea20b6994054bff84eb6b25d9a1fa29217ae5286cd7aa4ddf36a29f85d0
  SHA512: ce671b8236c654b89e0a03110ee8e08fabe26b16a5eadde9b67e427a75f18edd62a4a7463f82dc7a16e64aeb4897070e8ad5d6661f603af08fcd9e372e97f547
- (path not recorded)
  Filesize: 1KB
  MD5: f4ca9d32b0032f4eef64e634776c877e
  SHA1: 0b96f4890c88df6155f970bd98645472341af653
  SHA256: 1bb3f22ee1baf6ba6918236f126dd71edb95137b35b5b12997775875ccaec429
  SHA512: 5f7866b67e1c46028b58e26a6f89fbd1e61c3d0cf44892c7c4951d81340d272b7028c29ebf89e043c11921a17cc94f7a50f113247d039d993fa12af62e264d7f
- (path not recorded)
  Filesize: 5KB
  MD5: 77dd82f8906b4c23a2080f8a79b199a2
  SHA1: 502c38fa3bf1b56683a54b76c07d047602060d49
  SHA256: b76b96b102879dae63e02737a6527289bcb476042e0ff60a8259fde905507eb4
  SHA512: 80fc6227d57b0636cb19d654eef6982c6be3d47d4b66996f84310c475a8aee247a19499fff6aa38e5a57ed174dabddb578a7fd3679d92cefef5469ade88e2a9d
- (path not recorded)
  Filesize: 6KB
  MD5: c81b50dcc5111bb0b9668c423dfc5778
  SHA1: 1689c282cee675f64a2044da41d110eb684420f1
  SHA256: df8a6ff3a5c395b2b00b4c18ed7f9c4d1652b9d7d4622f0f8f9c312b71f05b85
  SHA512: ed26c2803038f58983013a8dd9b400cfb8f3b57c2250cac6bd1c0e419401879fff801a20f611a8380c79d64a61866b4cea7f80a151cddf3a455e2740fce2bfc9
- (path not recorded)
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- (path not recorded)
  Filesize: 10KB
  MD5: 7a3d489dfb0840d9db564f9643d66abc
  SHA1: 5b5422608ba772d517cef9275d11903d50325ad1
  SHA256: c343a94425734deac097889c1c981d11e93bac3e94d30da699d9ec4049851071
  SHA512: f843cde8b6043434c9fc4de697f3217f43d96fccc5f89807542ca4a233518515c86aa39fc973737b2de44b63e8e3c9fdd2a0436e79962b891368e4fb28fb2a7d
- (path and size not recorded; these four digests are those of a zero-length file, so this entry carries no content to examine)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e