Analysis
- max time kernel: 145s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27-08-2024 12:49
Static task: static1
Behavioral task: behavioral1
  Sample: c5073b8480d72ac265a979d8b37ec4e6_JaffaCakes118.html
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: c5073b8480d72ac265a979d8b37ec4e6_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
- Target: c5073b8480d72ac265a979d8b37ec4e6_JaffaCakes118.html
- Size: 81KB
- MD5: c5073b8480d72ac265a979d8b37ec4e6
- SHA1: 55a82aa182ff6d5e37988bf606042e7bfa660546
- SHA256: 96da682053c84600f88e964798544219b5d2b19839b770d21be24d9501e53b5e
- SHA512: 2de1d8d39e34d85611e05c089e9d500d872d2fdba7d745a82c8e1ed81f256bee584406dd5fdc572cb588847716f2c8b6db044e898bb8ebf340c2854ad5ccc368
- SSDEEP: 1536:W+Xj1RVkouiSTFUPHu3C/Zg+tJGsA9Fj/K9SkSSje298pIMmaPkvyWFYf3PgdtV:W+TnVky69Ke2GBWFYf3P+
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
  description       | ioc                                                                   | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe, identity_helper.exe
  pid  | process             | events
  2680 | msedge.exe          | 2
  4896 | msedge.exe          | 2
  1300 | identity_helper.exe | 2
  4124 | msedge.exe          | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  Process: msedge.exe
  pid  | process    | events
  4896 | msedge.exe | 7
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Process: msedge.exe
  pid  | process    | events
  4896 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  Process: msedge.exe
  pid  | process    | events
  4896 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  Process: msedge.exe
  description        | pid  | process    | target pid | target process | events
  wrote to memory of | 4896 | msedge.exe | 3068       | msedge.exe     | 2
  wrote to memory of | 4896 | msedge.exe | 1268       | msedge.exe     | 40
  wrote to memory of | 4896 | msedge.exe | 2680       | msedge.exe     | 2
  wrote to memory of | 4896 | msedge.exe | 216        | msedge.exe     | 20
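Reading the WriteProcessMemory signature: every one of the 64 writes comes from PID 4896, the msedge.exe browser process, and every target (3068, 1268, 2680, 216) appears in the process tree as a child that 4896 spawned, which is how a Chromium-based browser sets up each of its child processes. What would actually merit escalation is a write into a process the writer did not create. The Python below is an added example, not part of the sandbox report or its tooling: it parses the flattened "PID A wrote to memory of B" records, rebuilds the parent map from the process tree, and keeps only the writes whose target is not the writer's own child. The record targeting PID 5555 / explorer.exe is invented for the demonstration and does not appear in the report.

```python
"""Triage of the 'Suspicious use of WriteProcessMemory' signature.

Added example for this report; it is not the sandbox's own code. It parses the
flattened 'PID A wrote to memory of B ...' records, rebuilds who spawned whom
from the process tree, and separates a parent writing into a child it created
(how Chromium-based browsers set up every child process) from a write into a
process the writer did not create, which is the injection pattern worth
escalating.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class WpmEvent:
    writer_pid: int
    writer_image: str
    target_pid: int
    target_image: str


# One flattened record looks like:
#   PID 4896 wrote to memory of 3068 4896 msedge.exe msedge.exe
# i.e. writer pid, target pid, writer pid again, writer image, target image.
WPM_RE = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P=writer) (?P<writer_img>\S+) (?P<target_img>\S+)"
)

# child pid -> parent pid, read off the report's process tree: every process
# at depth 2 was spawned by the msedge.exe browser process, PID 4896.
PARENT_OF = {
    3068: 4896, 1268: 4896, 2680: 4896, 216: 4896, 4996: 4896, 4940: 4896,
    2244: 4896, 3528: 4896, 1300: 4896, 1364: 4896, 2624: 4896, 4320: 4896,
    3760: 4896, 4124: 4896,
}

# Constructed excerpt: five records copied from the report plus one invented
# record (target 5555 / explorer.exe) that is NOT in the report, added only to
# show what a write into an unrelated process looks like to the triage.
SAMPLE_EVENTS = (
    "PID 4896 wrote to memory of 3068 4896 msedge.exe msedge.exe "
    "PID 4896 wrote to memory of 3068 4896 msedge.exe msedge.exe "
    "PID 4896 wrote to memory of 1268 4896 msedge.exe msedge.exe "
    "PID 4896 wrote to memory of 2680 4896 msedge.exe msedge.exe "
    "PID 4896 wrote to memory of 216 4896 msedge.exe msedge.exe "
    "PID 4896 wrote to memory of 5555 4896 msedge.exe explorer.exe"
)


def parse_wpm_events(text: str) -> list[WpmEvent]:
    """Extract every WriteProcessMemory record from the flattened table text."""
    return [
        WpmEvent(int(m["writer"]), m["writer_img"], int(m["target"]), m["target_img"])
        for m in WPM_RE.finditer(text)
    ]


def classify(event: WpmEvent, parent_of: dict[int, int]) -> str:
    """'parent-to-child' if the writer spawned the target, else 'cross-process'."""
    if parent_of.get(event.target_pid) == event.writer_pid:
        return "parent-to-child"
    return "cross-process"


def triage(text: str, parent_of: dict[int, int]) -> dict:
    """Collapse parent-to-child writes into per-pair counts; list the rest."""
    events = parse_wpm_events(text)
    spawn_writes: Counter = Counter()
    cross_process: list[WpmEvent] = []
    for ev in events:
        if classify(ev, parent_of) == "parent-to-child":
            spawn_writes[(ev.writer_pid, ev.target_pid)] += 1
        else:
            cross_process.append(ev)
    return {
        "total": len(events),
        "parent_to_child": spawn_writes,
        "cross_process": cross_process,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS, PARENT_OF)
    print(f"{result['total']} WriteProcessMemory events")
    for (writer, target), n in sorted(result["parent_to_child"].items()):
        print(f"  spawn-time writes: {writer} -> {target} x{n}")
    for ev in result["cross_process"]:
        print(f"  ESCALATE: {ev.writer_pid} ({ev.writer_image}) wrote into "
              f"{ev.target_pid} ({ev.target_image}), which is not its child")
```

Run against the full 64-record table from the report with the parent map above, every event lands in the parent-to-child bucket and the cross-process list stays empty; the invented explorer.exe record is the only one the triage escalates.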
Processes
PID 4896 [depth 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (no --type: browser/parent process)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c5073b8480d72ac265a979d8b37ec4e6_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 3068 [depth 2, child of 4896] msedge.exe (--type=crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f57d46f8,0x7ff9f57d4708,0x7ff9f57d4718

  PID 1268 [depth 2, child of 4896] msedge.exe (--type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

  PID 2680 [depth 2, child of 4896] msedge.exe (--type=utility, network.mojom.NetworkService, --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 216 [depth 2, child of 4896] msedge.exe (--type=utility, storage.mojom.StorageService, --service-sandbox-type=utility)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8

  PID 4996 [depth 2, child of 4896] msedge.exe (--type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

  PID 4940 [depth 2, child of 4896] msedge.exe (--type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

  PID 2244 [depth 2, child of 4896] msedge.exe (--type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1

  PID 3528 [depth 2, child of 4896] identity_helper.exe (--type=utility, winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8

  PID 1300 [depth 2, child of 4896] identity_helper.exe (--type=utility, winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 1364 [depth 2, child of 4896] msedge.exe (--type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

  PID 2624 [depth 2, child of 4896] msedge.exe (--type=renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

  PID 4320 [depth 2, child of 4896] msedge.exe (--type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

  PID 3760 [depth 2, child of 4896] msedge.exe (--type=renderer, --instant-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

  PID 4124 [depth 2, child of 4896] msedge.exe (--type=gpu-process, --disable-gpu-sandbox)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,6660260983864455236,14795298902492543723,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

PID 3880 [depth 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2960 [depth 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
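The process tree above is Edge's ordinary multi-process layout for opening a local HTML file; the part a practitioner reads is which sandbox each child runs under. The network service (PID 2680) and both identity_helper.exe instances are launched with --service-sandbox-type=none, the storage service (PID 216) with --service-sandbox-type=utility, and the second GPU process (PID 4124) with --disable-gpu-sandbox. The Python below is an added example, not code from the sandbox or from Microsoft Edge, that tokenises such Windows command lines and summarises the sandbox posture from the switches alone. Its sample command lines are copied from this report's process tree with the long --field-trial-handle and --gpu-preferences values omitted; the "browser" label for a process with no --type switch and the "default" label for processes that name no sandbox type are this example's own conventions.

```python
"""Sandbox posture of a Chromium-style process tree, read from command lines.

Added example for this report, not the sandbox's or Microsoft Edge's code. It
tokenises each Windows command line (keeping backslashes and honouring double
quotes, which shlex in POSIX mode would not), pulls out --type,
--utility-sub-type and --service-sandbox-type, and reports which children run
with no sandbox policy named on their command line.
"""
import re

# Abbreviated command lines copied from the report's process tree, keyed by PID.
# The --field-trial-handle and --gpu-preferences values are omitted; they do
# not affect the result.
SAMPLE_PROCESSES = {
    4896: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c5073b8480d72ac265a979d8b37ec4e6_JaffaCakes118.html',
    3068: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=plat=Win64 "--annotation=prod=Microsoft Edge"',
    1268: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2212 /prefetch:2',
    2680: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3',
    216: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2396 /prefetch:8',
    4996: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1',
    1300: r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8',
    4124: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=3056 /prefetch:2',
}

# A token is either a double-quoted run (which may contain spaces) or a run of
# non-whitespace. Backslashes are ordinary characters on Windows.
_TOKEN = re.compile(r'"[^"]*"|\S+')


def split_cmdline(cmd: str) -> list[str]:
    """Split on whitespace outside double quotes; strip the quotes, keep backslashes."""
    return [t.strip('"') for t in _TOKEN.findall(cmd)]


def describe(pid: int, cmd: str) -> dict:
    """Summarise one process: image, Chromium process type, sub-type, sandbox state."""
    tokens = split_cmdline(cmd)
    image = tokens[0].rsplit("\\", 1)[-1]
    flags: dict[str, str] = {}
    argument = None
    for i, tok in enumerate(tokens[1:], start=1):
        if tok == "--single-argument":
            # Chromium treats everything after this switch as one argument, so
            # it must not be parsed as further switches.
            argument = " ".join(tokens[i + 1:])
            break
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            flags[key] = value
    ptype = flags.get("type", "browser")  # no --type: the parent (browser) process
    if "no-sandbox" in flags:
        sandbox = "none"
    elif "service-sandbox-type" in flags:
        sandbox = flags["service-sandbox-type"]
    elif ptype == "gpu-process" and "disable-gpu-sandbox" in flags:
        sandbox = "none"
    elif ptype == "browser":
        sandbox = "n/a (broker)"
    else:
        sandbox = "default"  # no sandbox switch on the command line
    return {
        "pid": pid,
        "image": image,
        "type": ptype,
        "subtype": flags.get("utility-sub-type"),
        "sandbox": sandbox,
        "argument": argument,
    }


def unsandboxed(processes: dict[int, str]) -> list[int]:
    """PIDs whose command line explicitly puts them under no sandbox policy."""
    return [pid for pid, cmd in processes.items() if describe(pid, cmd)["sandbox"] == "none"]


if __name__ == "__main__":
    for pid, cmd in SAMPLE_PROCESSES.items():
        d = describe(pid, cmd)
        print(f"{pid:>5} {d['image']:<20} {d['type']:<16} "
              f"{d['subtype'] or '-':<40} sandbox={d['sandbox']}")
    print("unsandboxed children:", unsandboxed(SAMPLE_PROCESSES))
```

On this report the function returns 2680 (network service), 1300 (identity_helper) and 4124 (GPU process started with --disable-gpu-sandbox). A child whose --type is unknown to the triage, or that carries --no-sandbox, would surface the same way, which is the case this summary exists to catch.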
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5: ecf7ca53c80b5245e35839009d12f866
SHA1: a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256: 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512: 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
-
Filesize: 152B
MD5: 4dd2754d1bea40445984d65abee82b21
SHA1: 4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256: 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512: 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
-
Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 96B
MD5: 1ae6c7727746791073426954999773c3
SHA1: 3d8d784e2fb6c2c2045c40e4af1f8b5761ceba46
SHA256: 277fbefe746ce0e80b50f6f55610e01bd7fa13ff41273381dea1d10eab32af4e
SHA512: 574a94674a97c0d04d1a60c502f8102e1343318eee9b52f0d98139c3da4b9fb9997fb95ff2fb013795102ef1304b22e01a05264c39701020c0745cd58c4e5dee
-
Filesize: 1KB
MD5: 606345e6d41ff17201a9176296af78fb
SHA1: 2498974ea773ffb80091d4fb47aeaa5cf4e3b5ae
SHA256: c7a13943f7865c1d2dc5be8bec2c8ef83f1e3100cf3d8208e2baeed120d51837
SHA512: 748ff1114cd5162ad931cb6ca266abfdd966a67014bf430c7055a91378914efc4d52be89ef792628b3b72e62370e60c4cd823c220c5f5c2ec574946be24ae1e2
-
Filesize: 5KB
MD5: 5505b8c2194789b7dffd3d0ff4fc8e3d
SHA1: 77208b082ee4389556382fcb4c2c17f99becbdb1
SHA256: 1a0c3d07e101296062cbdd09376ce80ad3642861645f109efda53890170258ae
SHA512: 5a013eb6df1d3d15ff457dcbc2752cbdc1252089bfeb8878f1de84d0fb21ee61294be4f4490574248ecfb05625ae1a3303b159df0d01c60e0832aa54ac8dac06
-
Filesize: 6KB
MD5: 68128ea1ad87c675e2115a0bbb970bff
SHA1: c0abf8c87fc28c1663728182e8a5a49fd6c1fa61
SHA256: 2cc9153785eeace7381998f814abb518248d21ec3aaba0fbafe980d24711c8f5
SHA512: a34ad33343415749173ee7ff84966e921e8d120811651738151a35d16811cda0e79670b818637f7651554458e3bbd1bd0c243fec0b9b7da3b179fe2d087e82f3
-
Filesize: 6KB
MD5: 29f59ad2c600ba09b6423135786fa6b6
SHA1: cd95037d070277c4a46b01ddbb4a779846bb85d6
SHA256: 8a81433725aa96348bb3134f81b03c292743736574aef9a4a3140c2e297fb377
SHA512: 83ee18c91c82246bf28d8fd55009d32e43982f7af8356fb5f6977dd1b39581c91237b20d70ab4415df3318b0257584219a7d3cc3ce2d6659e5f9b4956823edc4
-
Filesize: 6KB
MD5: bb74d936a86dea105c5a09156747877e
SHA1: c14b601397490b0f46febd65258766f63d786243
SHA256: 774a46f39dfc558d9cdee6bf0dc30e07fd686575ec9b9917690f8563d6585dfd
SHA512: 7a6e417774172beb90a13e9a5a59602e07367ce8fdeaea2fdb5ac9e00b793eb2ce586b13ab3e69d9943d90a40e24ece79be9eaf1d232b45fda780e780789b353
-
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 10KB
MD5: a986a63e2fafe43e482a4d189acdc9f5
SHA1: e7a0cdfc2b29366c1b9a7b83260ea063390c02d8
SHA256: 053a33f2d453d198c338eb58cf35494e569efbf8acbfad31e46a9f1e292c07bb
SHA512: 9fa0c9bd84aeb9269837b7fb296f1421908c54f672f3339217376a7e9a28a09c02b8baff9eaa7062767b2fa389d954b214d09c5a8e3e04d74da859f81f8d022a
-
Filesize: not listed (the four digests below are those of zero-length input, i.e. an empty file)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e