Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27-08-2024 02:45
Static task: static1
Behavioral task: behavioral1
- Sample: c43b9078c4db5b71ccbdcb13aa95257e_JaffaCakes118.html
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: c43b9078c4db5b71ccbdcb13aa95257e_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: c43b9078c4db5b71ccbdcb13aa95257e_JaffaCakes118.html
- Size: 126KB
- MD5: c43b9078c4db5b71ccbdcb13aa95257e
- SHA1: b617eecedd6c72bf430c86f8ba2de3b5e1722bf4
- SHA256: 45ac56037dc160853370f384ed8cb8a418d3f25cdb892842173b5ab3770cf104
- SHA512: 5768a80b7c51b1928e29b86eb17fd04b3de2cb2b1cbc83556b31cc75b1749cf7cb6bbb33dacaa0a9199e56ddca9b0a3c27eb6cc4300fd1b53f42b5fea06d9e5a
- SSDEEP: 3072:w4q03yAmIEewP5Hl1ob+f9tgi4Dat8aNqRPpca4wh0PQkjvmtrB:wI3y7fP1ob+f9tgi4Dat8aNqRPpcaNiy
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes (pid, process): 2132 msedge.exe (2 IoCs), 4596 msedge.exe (2 IoCs), 5048 msedge.exe (4 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  Processes (pid, process): 4596 msedge.exe (4 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid, process): 4596 msedge.exe (25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process): 4596 msedge.exe (24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description, pid, process, target process): PID 4596 msedge.exe wrote to memory of its msedge.exe child processes 1708, 3080, 2132 and 2620 (repeated writes to each; 64 IoCs in total)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4596)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c43b9078c4db5b71ccbdcb13aa95257e_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes (of PID 4596):
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe1346f8,0x7ffcfe134708,0x7ffcfe134718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3080)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13219268303149054832,9922514629900343568,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2132)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13219268303149054832,9922514629900343568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13219268303149054832,9922514629900343568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13219268303149054832,9922514629900343568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 764)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13219268303149054832,9922514629900343568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4340)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13219268303149054832,9922514629900343568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1860)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13219268303149054832,9922514629900343568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1120 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5048)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13219268303149054832,9922514629900343568,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 3680)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1876)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: ecf7ca53c80b5245e35839009d12f866
  SHA1: a7af77cf31d410708ebd35a232a80bddfb0615bb
  SHA256: 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
  SHA512: 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
- Filesize: 152B
  MD5: 4dd2754d1bea40445984d65abee82b21
  SHA1: 4b6a5658bae9a784a370a115fbb4a12e92bd3390
  SHA256: 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
  SHA512: 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 216B
  MD5: fccc190f5b63f8ca9a9187052aaf4191
  SHA1: 40bbe09fdf4e531fc2bc4d136ccb649e60ba4335
  SHA256: d1071eb90a9f1a89ec60bc7dedda26121d10b258d9c86367eaa7509b8dd879ca
  SHA512: 3c8b2cb364cf98df527e350a60072a9663b662ddd38677f48206a682d01a2ab32aa38087fe60dde4ccf8bd662a91a011a285b47949c29de8210a83c722135cb5
- Filesize: 3KB
  MD5: f9d774507ea3885babe13780adc86480
  SHA1: 8588aef130efcb1dcfd2a1efb238656a1f6502a7
  SHA256: c94bfc9d8a688e754971d947129f6f39ec55f8889b8c3470cc9b00d6b8871915
  SHA512: 933a0fbe40058e569345bf12f02d6fba4cdd851ee143e362795dcda4f9713e78a03c3af787d6f0b1f597049156a8d5700c12cbf7bbb615eab683c13e0c2a999b
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 5KB
  MD5: 4cba4044492b709b00d26dbd0ea00653
  SHA1: 51d01455c22e17ba91b4fa6ff9a39224b7a88e1a
  SHA256: 47fa17316e377f6195924fd4288f8a5140f8257783a5d2b8ace03f8e3b6c02a7
  SHA512: 37e0a7ce52973c31ce5042b19e05949245a9523b97a23af932cbf75b4cc2f513a2c95c3355e8bec7eb63ebb8f994d6c07d9f7cdbbf9601f962bd6a7bb2580e8a
- Filesize: 7KB
  MD5: 2b74f3a3a8743b234f83bdf7c149cf2d
  SHA1: 63af7907d97a4307380acf5868b99a82fd90f356
  SHA256: 9f58f350fa693ec1807fb2c09a3807605de615ab411afccaaaea081167502d8f
  SHA512: 3a2c5cae6ff84ed7be82f9812630ef4e4f331ad7651d9f957dc31da484440775b689a1ddda27a1daf55b91bcc42c9aa2b9693818bef362882fad00216b82cbf1
- Filesize: 1KB
  MD5: c733c84b440f7a9f983fc2c221c16072
  SHA1: 751be10ead76ac68b99c15ffc8e5ff12114f799f
  SHA256: 1e1ee1eea7173ad32d719b5ee574b2271ac8b423dc3af393b6957751104e8355
  SHA512: 073792c87a0416dd60b2c4bef82c59e9f4096fa1316d29049285c61d921c6a19e7b85e26715ead4b5f51c5f778b690449fee67801cfca53afe6f4c3000c595a3
- Filesize: 875B
  MD5: b76f95d79ee95cdc415fa8f5d770f7ec
  SHA1: 6ea59f23ad5536d01a2e4cd44171e731534cc619
  SHA256: 1f5638b808f50f7c270d59372e167cf99fc0db283b5b26efc28bba23960d76c2
  SHA512: 09e9f1cafcd7d951edf52691345b8aca0b208e1d10998457447946300e4a384ee7d9e2f545983042dd5cae609e4043320bd71d6252f94c62ead7f52206fcb3d2
- Filesize: 10KB
  MD5: 64ca1b1de585f74658f1ae64fb58e8b9
  SHA1: 840a0321ca1a179c150289af1a10fc58cf6a304f
  SHA256: eac9c4f8a6340d70985267afd0472ba8f2f645cb7552b8e8c7f73a8e019241af
  SHA512: 2790659e33f1b0c9ba01b4dc5fd7557dd1b7d8cdaafd9ae47482ba291c244ca3b855993b8b317d6bc3590b242c835d1e428dab7605186bc752051da148892456
- (no filesize listed; these are the digests of a zero-length file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e