Analysis

max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/08/2024, 22:03

Static task: static1

Behavioral task: behavioral1
  Sample: c7ba5718be28ffe044799bddfc5b61f9_JaffaCakes118.html
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: c7ba5718be28ffe044799bddfc5b61f9_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General

Target: c7ba5718be28ffe044799bddfc5b61f9_JaffaCakes118.html
Size: 175KB
MD5: c7ba5718be28ffe044799bddfc5b61f9
SHA1: 73d818be17f9d62be414bc693ff661a4be4555ff
SHA256: 2f1b6b9fd6a02977de7e5b7da7f62526c063d7da5b9aead69572327f587c57fb
SHA512: 97c81b6cf0d2daf76ab24c84d092870775e2c0d47cd5ad17c6301cdb90a4e894aae7e42938b92c0d5c2f376837d15ff1c2719e56a3119668f7979e8b64b4572a
SSDEEP: 1536:SqtK8hd8Wu8pI8Cd8hd8dQg0H//3oS30GNkFFYfBCJisZ+aeTH+WK/Lf1/hmnVSV:SpoT30/FwBCJipm
Malware Config
Signatures

Every signature hit below is attributed to Edge's own processes (msedge.exe and identity_helper.exe, all under C:\Program Files (x86)\Microsoft\Edge\Application); no process outside that directory is launched by the browser in the process tree below. The report does not separate what the HTML content caused from what Edge does at startup anyway, so a control run of the same Edge build on an empty page is the right comparison before treating any of these hits as sample behaviour.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              hits
  2028  msedge.exe           2
  4596  msedge.exe           2
  3076  identity_helper.exe  2
  3760  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid   Process     hits
  4596  msedge.exe  10

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     hits
  4596  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     hits
  4596  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 4596 wrote to memory of 3876   4596  msedge.exe  87
  PID 4596 wrote to memory of 264    4596  msedge.exe  88
  PID 4596 wrote to memory of 2028   4596  msedge.exe  89
  PID 4596 wrote to memory of 3632   4596  msedge.exe  90
  Each row is repeated in the report for every individual write (64 entries in total); all writes originate from the browser process 4596 and target its own child processes (crashpad handler 3876, GPU process 264, network service 2028, storage service 3632).
Processes

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4596)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c7ba5718be28ffe044799bddfc5b61f9_JaffaCakes118.html
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  children:
  - msedge.exe (PID 3876), crashpad handler:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebdfc46f8,0x7ffebdfc4708,0x7ffebdfc4718
  - msedge.exe (PID 264), GPU process:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:2
  - msedge.exe (PID 2028), network service (note --service-sandbox-type=none):
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
    signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3632), storage service:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  - msedge.exe (PID 2852), renderer:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  - msedge.exe (PID 2988), renderer:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  - msedge.exe (PID 2740), renderer:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  - msedge.exe (PID 824), renderer:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  - msedge.exe (PID 508), renderer:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  - msedge.exe (PID 1168), renderer:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  - identity_helper.exe (PID 3488), WinRT app-id utility:
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  - identity_helper.exe (PID 3076), WinRT app-id utility (same command line as PID 3488):
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
    signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3184), renderer:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  - msedge.exe (PID 3596), renderer (--instant-process):
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  - msedge.exe (PID 4464), renderer:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  - msedge.exe (PID 1144), renderer (--instant-process):
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  - msedge.exe (PID 3760), second GPU process launched with --disable-gpu-sandbox --use-gl=disabled (Chromium's fallback launch when the first GPU process cannot run, which is expected in a VM without a usable GPU and is not behaviour of the sample):
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2304,13342212820526133213,869077243285855003,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5932 /prefetch:2
    signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 116), top-level COM server, not a child of Edge:
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2772), top-level COM server:
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 5012), top-level COM server:
  C:\Windows\System32\CompPkgSrv.exe -Embedding
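The signature tables and the process tree above are what an analyst actually has to reason over: a browser process writing into other processes is only interesting if the targets are not its own sandboxed children. The script below is an added example, not part of the sandbox report or of any vendor tooling. It parses the report's flattened IoC wording ("pid Process ..." lists and the "PID X wrote to memory of Y ..." table) and its process-tree lines, then classifies each WriteProcessMemory row as an expected broker-to-child write (same install directory, direct child, recognised Chromium --type) or as something to review. The embedded process lines are a constructed subset of the tree above with command-line flags shortened and PIDs as reported; the CHROMIUM_CHILD_TYPES set and the depth-based parent check are assumptions of this example, and the rows marked hypothetical (a write into CompPkgSrv.exe PID 116 and into PID 9999) do not appear in the report and exist only to exercise the flagging path.

```python
"""Triage helper for the flattened signature tables and process tree of a
Chromium-style sandbox report.  Added example, not part of the report or of
any vendor tool.  Rule checked: a browser process may write into the memory of
its own direct children (same install directory, known --type role); every
other WriteProcessMemory row is flagged for review."""
import re
from collections import Counter

# Child roles a Chromium-based browser spawns itself (assumption of this example).
CHROMIUM_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")
PIDPROC_RE = re.compile(r"(\d+) (\S+\.exe)")
TYPE_RE = re.compile(r"--type=([\w-]+)")
DEPTH_RE = re.compile(r"(\d)⤵")     # the report's tree-depth marker, e.g. "/prefetch:22⤵"
PID_RE = re.compile(r"PID:(\d+)")


def parse_pid_process_iocs(text):
    """'2028 msedge.exe 2028 msedge.exe 4596 msedge.exe ...' -> {(pid, image): hits}."""
    return Counter((int(p), img) for p, img in PIDPROC_RE.findall(text))


def parse_wpm_iocs(text):
    """WriteProcessMemory table -> {(writer_pid, target_pid): hits}."""
    return Counter((int(m.group(1)), int(m.group(2))) for m in WPM_RE.finditer(text))


def parse_process_lines(lines):
    """'<image><command line><depth>⤵PID:<pid>' -> {pid: {image, type, depth}}.

    The image path is printed twice (bare, then as argv[0]); the first '.exe'
    closes the bare copy, which also covers unquoted entries like CompPkgSrv.exe.
    The depth digit is the only parent information the flattened tree keeps.
    """
    procs = {}
    for line in lines:
        pid, depth = PID_RE.search(line), DEPTH_RE.search(line)
        if not (pid and depth):
            continue
        role = TYPE_RE.search(line)
        procs[int(pid.group(1))] = {
            "image": line[: line.lower().index(".exe") + 4],
            "type": role.group(1) if role else "browser",  # no --type: the browser process
            "depth": int(depth.group(1)),
        }
    return procs


def classify_writes(wpm_text, process_lines):
    """Return (expected_broker_writes, needs_review), both keyed by (writer_pid, target_pid)."""
    procs = parse_process_lines(process_lines)
    expected, review = {}, {}
    for (src, dst), hits in parse_wpm_iocs(wpm_text).items():
        writer, target = procs.get(src), procs.get(dst)
        if writer is None or target is None:
            review[(src, dst)] = (hits, "pid not in process tree")
            continue
        install_dir = writer["image"].rsplit("\\", 1)[0].lower() + "\\"
        if target["depth"] != writer["depth"] + 1:
            review[(src, dst)] = (hits, "target is not a direct child of the writer")
        elif not target["image"].lower().startswith(install_dir):
            review[(src, dst)] = (hits, "target binary is outside the writer's install directory")
        elif target["type"] not in CHROMIUM_CHILD_TYPES:
            review[(src, dst)] = (hits, f"unrecognised child role {target['type']!r}")
        else:
            expected[(src, dst)] = hits
    return expected, review


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"

# Constructed subset of the report's process tree (flags shortened, PIDs as reported).
PROCESS_LINES = [
    rf'{EDGE}"{EDGE}" --single-argument C:\Users\Admin\AppData\Local\Temp\c7ba5718be28ffe044799bddfc5b61f9_JaffaCakes118.html1⤵PID:4596',
    rf'{EDGE}"{EDGE}" --type=crashpad-handler --annotation=ver=92.0.902.67 /prefetch:72⤵PID:3876',
    rf'{EDGE}"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=2324 /prefetch:22⤵PID:264',
    rf'{EDGE}"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:32⤵PID:2028',
    rf'{EDGE}"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:82⤵PID:3632',
    rf'{EDGE}"{EDGE}" --type=renderer --renderer-client-id=6 /prefetch:12⤵PID:2852',
    rf'{HELPER}"{HELPER}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService /prefetch:82⤵PID:3076',
    r"C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:116",
]

# Constructed subset of the report's 64 WriteProcessMemory rows (same wording, fewer rows).
WPM_IOCS = ("PID 4596 wrote to memory of 3876 4596 msedge.exe 87 PID 4596 wrote to memory of 3876 4596 msedge.exe 87 "
            "PID 4596 wrote to memory of 264 4596 msedge.exe 88 PID 4596 wrote to memory of 264 4596 msedge.exe 88 "
            "PID 4596 wrote to memory of 264 4596 msedge.exe 88 PID 4596 wrote to memory of 2028 4596 msedge.exe 89 "
            "PID 4596 wrote to memory of 2028 4596 msedge.exe 89 PID 4596 wrote to memory of 3632 4596 msedge.exe 90 "
            "PID 4596 wrote to memory of 3632 4596 msedge.exe 90")

# The report's EnumeratesProcesses list, verbatim.
ENUM_IOCS = ("2028 msedge.exe 2028 msedge.exe 4596 msedge.exe 4596 msedge.exe 3076 identity_helper.exe "
             "3076 identity_helper.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe 3760 msedge.exe")

# HYPOTHETICAL rows, not in the report: a write into the unrelated COM server and into an unknown PID.
HYPOTHETICAL_IOCS = ("PID 4596 wrote to memory of 116 4596 msedge.exe 91 "
                     "PID 4596 wrote to memory of 9999 4596 msedge.exe 92")

if __name__ == "__main__":
    print("EnumeratesProcesses hits per process:", dict(parse_pid_process_iocs(ENUM_IOCS)))
    ok, flagged = classify_writes(WPM_IOCS, PROCESS_LINES)
    print("expected broker writes:", ok, "| needs review:", flagged)
    print("hypothetical rows flagged:", classify_writes(HYPOTHETICAL_IOCS, PROCESS_LINES)[1])
```

Run against the report's own rows every write lands in the expected bucket, which is the quantitative form of the observation that all 64 WriteProcessMemory hits are the browser process brokering its own children. The depth-based parent test is a compromise forced by the flattened tree (it has no parent PID column); on a report with more than one top-level process, prefer the sandbox's procid_target field or a real parent PID if the export provides one.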
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 9e3fc58a8fb86c93d19e1500b873ef6f
  SHA1: c6aae5f4e26f5570db5e14bba8d5061867a33b56
  SHA256: 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
  SHA512: e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

- Filesize: 152B
  MD5: 27304926d60324abe74d7a4b571c35ea
  SHA1: 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
  SHA256: 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
  SHA512: f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 528B
  MD5: 254638735096ec8399f1a5ffe43aba49
  SHA1: 728a7fb114d811a6507b0200df93747e9de845bc
  SHA256: 787d25de1ab6be677957e5d298c99cb50da2e32d7a4a7ee517110822e49657f0
  SHA512: e560b72ed074a60f000a81f81d406dd5b101c6747b25aa92560a17f7aa9df64fa05ec92f0ff5b68d24471a011d3f6c7b8349d64090deacbf91ea27e219b963cd

- Filesize: 2KB
  MD5: 49b323009699f7529045c383ad13f6a0
  SHA1: 4f39d4b2570b345afc983cc5defcc24b3bc621e6
  SHA256: 37419a10bebe4c6ce973de91f64679638842b69dffe1e71b8115ce8aaf352221
  SHA512: 023534e7759f37c84585d9e702229c4a9d15859adef5aa11dcfee86afb68273c327305d18d14602144c85cb7247ab8757323b0daba7fe5da0b231359d38385c1

- Filesize: 2KB
  MD5: 8e5a0c44001fe03591ce4a590590219e
  SHA1: e28e855f4ad36e1be518d233a3d81f5208ad27fe
  SHA256: 3248bb78aa996acc86e8cbe44ade27f7da133e351b4110c3c1a0a7845c0335ab
  SHA512: ac158da28deb5b64f8826d145ce7d5519336280ec3d63fed08399b361e7069698a2e44513e2492ca81e90929ec4c662b7301f3b29b9337c4d90c6ce86f531be3

- Filesize: 5KB
  MD5: 10235ed67cf8ae6d9d6f7f7b1cc738d7
  SHA1: 211140f915b46ed79be0e1062264e7fcd13bf173
  SHA256: 95b88ed51ebd07cf01c45375b0f82a0d741eed54cabce0b9228130974947c3b9
  SHA512: e73eada430b3cfeb69ac71123fe3f5b5b665f74d515bd506af7ef9a30204a3213ca4ba54663207021feafc5b352accb9c933ac91745bdaeeba6a4055a60cd2db

- Filesize: 7KB
  MD5: 9a4852a69ffc684c172abfe176efea9d
  SHA1: 2d765ceb99e6177c0406354091c762eed72df63d
  SHA256: 533c9a5e5ffea369944f98b71d2f5934cc200f7598357bc09f1043328fec48ca
  SHA512: 7608d53873db0a1793de6b84292baa47d84dff9c3b65e309ca72316b7faa3abd9041065a10822a36ebdd67c1e9f12eac5790ac4bf088bf83e0c1627829e527b8

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: e2348b6f666e0a8740ccce5e6c0be3a2
  SHA1: 1ff6ccfcb8e1ef50d25dfe32161fb771e2c3deb2
  SHA256: 1100290f61a59cd444aaebaf3bad79178ccb6ee69febd7b7b1da5f4555ab6bef
  SHA512: 35a8b3e10b4cc6109d243f999fc4b8dccae1105a8397deff012ce3837b1a5ed7a400482b8d744639846f9ea59494c448cb6c99b0cec122ef300b19f9dfb3eb66