Analysis
max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-08-2024 13:46
Static task: static1
Behavioral task: behavioral1
  Sample: c6f85e55592e512a4eaa855fd1eec1de_JaffaCakes118.html
  Resource: win7-20240705-en
Behavioral task: behavioral2 (this report)
  Sample: c6f85e55592e512a4eaa855fd1eec1de_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: c6f85e55592e512a4eaa855fd1eec1de_JaffaCakes118.html
Size: 81KB
MD5: c6f85e55592e512a4eaa855fd1eec1de
SHA1: cbfc176726f62df282a4b5d84ae9a4a6db27a6e6
SHA256: 019c2245a32665aadc7c04331c7c170df8f3a4554847bf7294dee9359b1811d8
SHA512: 86961fc57e2d2908bd95b75d84068f8b2457e9cd1dfa569adcd54dc097f193147bf28c8e02d062203e451532a8b48d3f4e59424b3f86d28a015822159da8a8a1
SSDEEP: 1536:XCYKwHAbHHXXRK8sAE0VcCjtjvln3llsDcKS0NQeMPq:MwHA7Hc8sAE0uCjBln38cKS0NQeMPq
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Reading SystemManufacturer and SystemProductName is a common VM/sandbox fingerprint, but the only reader recorded here is the Edge browser process that was handed the HTML file; no other process in this report touches these keys.
Suspicious behavior: EnumeratesProcesses (11 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid   process               hits
  4848  msedge.exe            2
  2232  msedge.exe            3
  1848  identity_helper.exe   2
  5752  msedge.exe            4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
Processes: msedge.exe
  pid   process      hits
  2232  msedge.exe   8
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
  pid   process      hits
  2232  msedge.exe   25
Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
  pid   process      hits
  2232  msedge.exe   24
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  Every row has the same shape, "PID 2232 wrote to memory of <target> 2232 msedge.exe msedge.exe"; identical rows are collapsed to counts:
  source pid  source process  target pid  target process  rows
  2232        msedge.exe      3632        msedge.exe      2
  2232        msedge.exe      116         msedge.exe      40
  2232        msedge.exe      4848        msedge.exe      2
  2232        msedge.exe      2724        msedge.exe      20
Processes
- msedge.exe (PID 2232)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c6f85e55592e512a4eaa855fd1eec1de_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3632)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9feca46f8,0x7ff9feca4708,0x7ff9feca4718
  - msedge.exe (PID 116)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  - msedge.exe (PID 4848)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2724)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  - msedge.exe (PID 2992)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  - msedge.exe (PID 2060)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  - msedge.exe (PID 4924)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  - msedge.exe (PID 4516)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  - identity_helper.exe (PID 3492)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  - identity_helper.exe (PID 1848)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1188)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  - msedge.exe (PID 4908)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  - msedge.exe (PID 4536)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  - msedge.exe (PID 2060, PID reused)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  - msedge.exe (PID 5752)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5124532062534515645,2526356895482781302,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 4024)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 812)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
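The WriteProcessMemory signature above is 64 near-identical rows, and the Processes tree is what tells you which Chromium role each target PID plays. As an added example (not part of this Triage report and not Triage's own tooling), the Python script below collapses those rows to one line per source/target pair and labels each target with the `--type`, `--utility-sub-type` and `--service-sandbox-type` flags from its command line. The row strings and the abridged process lines are constructed from this report; the process list is a subset of the tree, trimmed to the flags the script reads.

```python
"""Added example, not part of the Triage report: collapse the report's
'wrote to memory of' rows into one line per (source, target) pair and label
each target with the Chromium --type it was launched as, taken from the
Processes tree. All inputs below are constructed from this report."""
import re
from collections import Counter

# Constructed from the report's WriteProcessMemory signature (64 IoCs):
# the row text is the report's own format, repeated per the observed counts.
WPM_ROWS = (
    "PID 2232 wrote to memory of 3632 2232 msedge.exe msedge.exe " * 2
    + "PID 2232 wrote to memory of 116 2232 msedge.exe msedge.exe " * 40
    + "PID 2232 wrote to memory of 4848 2232 msedge.exe msedge.exe " * 2
    + "PID 2232 wrote to memory of 2724 2232 msedge.exe msedge.exe " * 20
)

# Constructed subset of the report's Processes tree, one "<pid> <image> <cmdline>"
# per line; command lines are trimmed to the flags this script looks at.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
PROCESS_LINES = "\n".join([
    f"2232 msedge.exe {EDGE} --single-argument "
    r"C:\Users\Admin\AppData\Local\Temp\c6f85e55592e512a4eaa855fd1eec1de_JaffaCakes118.html",
    f"3632 msedge.exe {EDGE} --type=crashpad-handler --annotation=ver=92.0.902.67",
    f"116 msedge.exe {EDGE} --type=gpu-process --mojo-platform-channel-handle=2068",
    f"4848 msedge.exe {EDGE} --type=utility --utility-sub-type=network.mojom.NetworkService "
    "--service-sandbox-type=none",
    f"2724 msedge.exe {EDGE} --type=utility --utility-sub-type=storage.mojom.StorageService "
    "--service-sandbox-type=utility",
    f"2992 msedge.exe {EDGE} --type=renderer --renderer-client-id=6",
])

# The source PID appears twice per row (after "PID" and again before the images).
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")


def parse_wpm(text):
    """Count rows per (src_pid, dst_pid, src_image, dst_image)."""
    return Counter(m.groups() for m in WPM_RE.finditer(text))


def parse_processes(text):
    """Map pid -> {'image', 'role'}; role is the Chromium --type plus sub-type/sandbox."""
    procs = {}
    for line in text.splitlines():
        pid, image, cmd = line.split(" ", 2)
        kind = re.search(r"--type=(\S+)", cmd)
        role = kind.group(1) if kind else "browser"  # no --type: the broker process
        sub = re.search(r"--utility-sub-type=(\S+)", cmd)
        if sub:
            role += ":" + sub.group(1)
        sandbox = re.search(r"--service-sandbox-type=(\S+)", cmd)
        if sandbox:
            role += f" [sandbox={sandbox.group(1)}]"
        procs[pid] = {"image": image, "role": role}
    return procs


def summarize(wpm_text, proc_text):
    """One record per (src, dst), highest count first, with the target's role."""
    procs = parse_processes(proc_text)
    records = []
    for (src, dst, src_img, dst_img), n in parse_wpm(wpm_text).items():
        child = procs.get(dst)
        records.append({
            "src": int(src), "dst": int(dst), "count": n,
            "src_role": procs.get(src, {}).get("role", "?"),
            "dst_role": child["role"] if child else "?",
            # Same binary writing into a child it spawned is the normal Chromium
            # broker -> sandboxed-child bootstrap; a different image would not be.
            "same_image": src_img == dst_img and (child is None or child["image"] == dst_img),
        })
    return sorted(records, key=lambda r: -r["count"])


def unexplained(summary):
    """Records whose target is missing from the tree or is a different image."""
    return [r for r in summary if r["dst_role"] == "?" or not r["same_image"]]


if __name__ == "__main__":
    rows = summarize(WPM_ROWS, PROCESS_LINES)
    for r in rows:
        print(f"{r['src']} ({r['src_role']}) -> {r['dst']} ({r['dst_role']}): x{r['count']}")
    print("unexplained:", unexplained(rows))
```

Run as-is it reduces the 64 rows to four lines, all from the broker (2232) into children it launched with the same image: the GPU process, the crashpad handler and the network and storage utility processes. For a Chromium-based browser that is the sandbox broker's ordinary child bootstrap, so the rows that deserve a second look are the ones `unexplained()` returns, i.e. a target that never appears in the tree or is a different binary; on this report that list is empty.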
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: e765f3d75e6b0e4a7119c8b14d47d8da
  SHA1: cc9f7c7826c2e1a129e7d98884926076c3714fc0
  SHA256: 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
  SHA512: a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 96B
  MD5: 62ae682e07a5c18cdec06a9e183428a4
  SHA1: 96ce4153e8480ddb30da3712e23bff7439e38f92
  SHA256: 86ed24951584fb56310aae799e0e801046db041bedb793717b149d6c866004a8
  SHA512: 34d18a5df8a22906511023af4c23b2efc57ca55534d68ff0eeaaa4e8954454aacd9cc8e1c8bd1dad1073d9aaea9a6ae1e3bed190924fcd38052e9b58ba3747ad
- Filesize: 1KB
  MD5: 472f996d78338f7a2eae85459f8c30d9
  SHA1: 13f16b973886c8a407e63801d2896be4101ac679
  SHA256: b26e9a844e2d4616ef5a2cff7dee903b57245047f8411346253eba31908b6247
  SHA512: d2299927b7ff290343c779832075b16679a110628c77b6e8178f4f5cf4a9900118bedd369bef9091db4eeb0a383e7a23e5be1b78d725f56db0a92ef1e84c7a92
- Filesize: 6KB
  MD5: c13b65777e3030dca38dbf941162cb87
  SHA1: 649761750de56ca7cfeb3e204c876e2bf2029a61
  SHA256: 5d7d1237b84185a71e96883511b818a1c515346828029bb49c72059d0e915c45
  SHA512: cad13eb816444f1d3ada6cbbb61296a870a2df599a370a16dc41bffd15109cdd17ba589a3a402e83d4222152b9a4299269ea7f5ca43341391a368812f6a1c098
- Filesize: 5KB
  MD5: 8f6e46f5bc80bb519e8cb72011341edd
  SHA1: 9c7fc9461b1a2c490c727a2fd31ee2879cba1668
  SHA256: 82bd5e08b789b4c5bd0f514652bb45de6baefebbbcc20142a7df800ab66bc927
  SHA512: 91b25ff39181b3a40dc4deb6369dec9f30bf8e0596b2c041898cdd1d8158739d18be5e72770ef7217c7b1d5c94a5e5b07b15e08d809be394df49862d2f1df9c2
- Filesize: 6KB
  MD5: c72ad3a68c54a2b5a5ce0471f16974e7
  SHA1: faa8e463eec0ae979bc4c27c4fb450cda51aeb4a
  SHA256: deccc2dbd5dcf4cbf5802f0737d739427e3155bf8d8bbb39eb204914709ffbbe
  SHA512: 119aa8559173fc1a8028ea8f0578ba3995a1fd22f2345bcbd92dc2c388510524408e1fe925fc73df201349e509cda0ffb27cb34fe8a3911fce18f4ba4c4696ff
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: faa3368a59b175fbd2870c502583d0a5
  SHA1: 004cf6eb07039004072846f010826fe031a64704
  SHA256: 2fdee5b8192c819c8e0bab6a259420b2e198089a90665c1cbfc09184e49dc9e6
  SHA512: 399b151ae3616b609f022dd2da5b122f8c9b24aa5905505183b508c39003edacf83463b039304dcbb151e1722b9d517e5acd3df58aa9bc349265d3efd20531b9
- Filesize: not recorded
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  These four values are the well-known digests of zero-length input, so this entry is an empty file and carries no content to analyse.