Analysis
max time kernel: 145s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26-08-2024 10:23
Static task: static1
Behavioral task: behavioral1
  Sample: c2cc9d794ea22f85eeabc74b96bfbd1e_JaffaCakes118.html
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: c2cc9d794ea22f85eeabc74b96bfbd1e_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: c2cc9d794ea22f85eeabc74b96bfbd1e_JaffaCakes118.html
Size: 272KB
MD5: c2cc9d794ea22f85eeabc74b96bfbd1e
SHA1: 4b9f9f67f658995c528ce97a3dcc4259e8d453ad
SHA256: 73e3d95025dd1c7f59a37337684709795b5ed92d975d5962b134e366c11218a4
SHA512: dd8a365bcac8a0d88b9f4fcd50e63d21cab0c82a7ce9e8357a7171b5dcaf58ada91dbe237080f54b7091f5aa1ed8dffa5251fcb71dff2480c09bcb3b3655b183
SSDEEP: 3072:OHAmqWcpzHsPU5LlBiWVLy6C1D5lKu51uiiChD6RNzDZa4qpwpiViChD6aRNIIUe:tAK611oGqh9qDc8Nv
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
Processes:
  pid   process
  3416  msedge.exe
  3416  msedge.exe
  2320  msedge.exe
  2320  msedge.exe
  512   msedge.exe
  512   msedge.exe
  512   msedge.exe
  512   msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
Processes:
  pid   process
  2320  msedge.exe
  2320  msedge.exe
  2320  msedge.exe
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
msedge.exe (PID 2320)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c2cc9d794ea22f85eeabc74b96bfbd1e_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Child processes:
    msedge.exe (PID 4672)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f4718
    msedge.exe (PID 736)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7728590004394230735,7023545178953827863,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    msedge.exe (PID 3416)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,7728590004394230735,7023545178953827863,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses
    msedge.exe (PID 2020)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,7728590004394230735,7023545178953827863,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    msedge.exe (PID 3628)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7728590004394230735,7023545178953827863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    msedge.exe (PID 3328)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7728590004394230735,7023545178953827863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    msedge.exe (PID 3204)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7728590004394230735,7023545178953827863,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
    msedge.exe (PID 512)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7728590004394230735,7023545178953827863,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses
CompPkgSrv.exe (PID 3740)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
CompPkgSrv.exe (PID 3472)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads