Analysis
max time kernel: 145s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-09-2024 09:03
Static task: static1
Behavioral task: behavioral1
  Sample: cf2db6ae4d174e9fa870fd47dd609e46_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: cf2db6ae4d174e9fa870fd47dd609e46_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: cf2db6ae4d174e9fa870fd47dd609e46_JaffaCakes118.html
Size: 15KB
MD5: cf2db6ae4d174e9fa870fd47dd609e46
SHA1: 7758e7cf95e255307a8cd95c7e985d11c7093b1e
SHA256: 469f7af87c3d53339bf4d6457e134e974cefedbf2f13611cbfd4cfe20ff37a06
SHA512: 40520d21ce110dcb8155e45c159c9745cb78f53ca258c5fcbd9b41f7d67b68a06c9333772ab9b91cf08a280a9b4b0d20d25455275d476fe3b6a9a3da47f6d1ad
SSDEEP: 192:Z64uJWf+bqiO1DiR754COxTt3hpVoplaZs7aZBjB0cVmWdEhx5:Z6xVby9il54CO/RApatmWdun
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                     | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    | msedge.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid  | Process    | entries
  3124 | msedge.exe | 2
  3764 | msedge.exe | 2
  3292 | msedge.exe | 4
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid  | Process    | entries
  3764 | msedge.exe | 2
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process    | entries
  3764 | msedge.exe | 25
Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process    | entries
  3764 | msedge.exe | 24
Suspicious use of WriteProcessMemory (64 IoCs)
  description                        | pid  | Process    | procid_target | entries
  PID 3764 wrote to memory of 4572   | 3764 | msedge.exe | 84            | 2
  PID 3764 wrote to memory of 2164   | 3764 | msedge.exe | 85            | 40
  PID 3764 wrote to memory of 3124   | 3764 | msedge.exe | 86            | 2
  PID 3764 wrote to memory of 2152   | 3764 | msedge.exe | 87            | 20
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3764)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\cf2db6ae4d174e9fa870fd47dd609e46_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

  msedge.exe (PID 4572), crashpad handler
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed9d146f8,0x7ffed9d14708,0x7ffed9d14718

  msedge.exe (PID 2164), GPU process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16590551353924603297,2084770765742257495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

  msedge.exe (PID 3124), network service utility process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16590551353924603297,2084770765742257495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2152), storage service utility process
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16590551353924603297,2084770765742257495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

  msedge.exe (PID 4056), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16590551353924603297,2084770765742257495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  msedge.exe (PID 4944), renderer
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16590551353924603297,2084770765742257495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  msedge.exe (PID 3292), GPU process (GPU sandbox disabled)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16590551353924603297,2084770765742257495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 1668)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1388)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Dropped file 1
  Filesize: 152B
  MD5: f9664c896e19205022c094d725f820b6
  SHA1: f8f1baf648df755ba64b412d512446baf88c0184
  SHA256: 7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
  SHA512: 3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Dropped file 2
  Filesize: 152B
  MD5: 847d47008dbea51cb1732d54861ba9c9
  SHA1: f2099242027dccb88d6f05760b57f7c89d926c0d
  SHA256: 10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
  SHA512: bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Dropped file 3
  Filesize: 180B
  MD5: 2cf6c751bc8e1f74b72156ff67174e54
  SHA1: a4a46196636a95ac1ec78fb5efba87ad3645ca7d
  SHA256: 192983ab1daa7fe103d65a805f85d10e0701c16d96685aa2b1a936c00af18fc3
  SHA512: 30ce8ffbee9597a0b641cc8c98e293d1930900b080f1714e8633966f2c2bee0f428ed35b9cb758513be214f9d01e29143bd1d2955c89b41d4b558b7f9cdede29

Dropped file 4
  Filesize: 5KB
  MD5: cd9e98374a744abf9979b8ba426f22f0
  SHA1: 8446d5db8c779e8345d68b28e9fd444a3b2a5a3d
  SHA256: ee561bd97dfdaaceb3fc631aaff174c07e0501679529a0dfdd4f0fcdae16a39e
  SHA512: b6985c00b43162d6b4b76794a1080fa758edc191b40967696755ef4125612a6550a9e187b86f8bf4d5d029c554ced778ff8f7d40a8108422c71018702cc8767e

Dropped file 5
  Filesize: 6KB
  MD5: 2c5619d5ffb962aa60e9839b2aacb071
  SHA1: 134a73a4739067af79834549ca8ef0e472fbb997
  SHA256: 37c0182c150fed1af84d92ec92666445ea1d1bfed1dd730032f58fa1ca2e99a0
  SHA512: 9a397b3f681ae00717889e7f8bd89edd8f5e9e288f4467fe47c360b3836806593fcb04d78c9c47779b8c029dbaafa017df65a25ce217f2dca9b169130026334c

Dropped file 6
  Filesize: 10KB
  MD5: dc600f74a064d64a09b0d7d8ad3713ad
  SHA1: 66a52b5f3f8d8b664b22ece01cce4a120daf744c
  SHA256: 3e0065ff9f8fdd9e9769e13a4c7d8ff57c25220df0602da26a75c231eccf26cf
  SHA512: 03a0d6071d021d9aa1678ad6283c4986bcfcd74d07214ebe126c806a1a178f77c24c6f65405c2540879cab96b04a159ec6b5b02fef6238fc81e784222b518991