Analysis
max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/09/2024, 19:19
Static task: static1
Behavioral task: behavioral1
  Sample: db0d85cf37d518f3485065a5f33def3d_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: db0d85cf37d518f3485065a5f33def3d_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: db0d85cf37d518f3485065a5f33def3d_JaffaCakes118.html
Size: 2KB
MD5: db0d85cf37d518f3485065a5f33def3d
SHA1: b0bc244d7937ca5971b8fe7667f8ca6ae85873ac
SHA256: 7664212f0164a793c0513d535faca71826d8a7ada60f0e71d5fc1261c249bbdd
SHA512: 923b7cd361f42caed03e8cc8bc326678ce154a94064a64f4fd1a943a6a155d16fc67342a2dfaab9ab9af17188e040c85290168b83098f16533602c8ebe4054f3
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  2380  msedge.exe
  2380  msedge.exe
  2772  msedge.exe
  2772  msedge.exe
  1728  identity_helper.exe
  1728  identity_helper.exe
  4624  msedge.exe
  4624  msedge.exe
  4624  msedge.exe
  4624  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
Suspicious use of FindShellTrayWindow (25 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
Level 1: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2380)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\db0d85cf37d518f3485065a5f33def3d_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b2b846f8,0x7ff9b2b84708,0x7ff9b2b84718

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 616)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2772)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4768)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1556)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4592)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1728)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1172)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1524)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3660)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3104)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3800)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4624)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16990792270275157979,146357754599799965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

Level 1: C:\Windows\System32\CompPkgSrv.exe (PID 2068)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Level 1: C:\Windows\System32\CompPkgSrv.exe (PID 3300)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads