Analysis
max time kernel: 145s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/09/2024, 16:50
Static task: static1
Behavioral task: behavioral1
  Sample: dca555bf7f9b6da36dc327692a39d7f8_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: dca555bf7f9b6da36dc327692a39d7f8_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: dca555bf7f9b6da36dc327692a39d7f8_JaffaCakes118.html
Size: 91KB
MD5: dca555bf7f9b6da36dc327692a39d7f8
SHA1: 32d8f5aa7a95a8a20afb7f6b99475d30d6ddd6fa
SHA256: ddc68925a347dc60ac96106e85ff5a450fb0609ed12258baa22a5917fd6baabb
SHA512: 226edbcc9c98ce9d4940e6931df448c5691a521058f5e035c888a2900b90e31dac642588b2c8e971fe925e984cbcda418fadec40e593aa07fa7b539a51e25681
SSDEEP: 1536:4xLOfZ6xyxyxwAwMqwMhAc6f+RuyubTehBNbcykuQGAuLb7DxeAc/4Zv8ht/G:4xLOhCwMqwMhAc71uehBN+LGAqPDxeAp
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process     count
  2536  msedge.exe  2
  2112  msedge.exe  2
  1792  msedge.exe  4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (4 IoCs)
  pid   Process     count
  2112  msedge.exe  4

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     count
  2112  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     count
  2112  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target  count
  PID 2112 wrote to memory of 3780   2112  msedge.exe  83             2
  PID 2112 wrote to memory of 4044   2112  msedge.exe  84             40
  PID 2112 wrote to memory of 2536   2112  msedge.exe  85             2
  PID 2112 wrote to memory of 4852   2112  msedge.exe  86             20
Processes
- msedge.exe (PID 2112)
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dca555bf7f9b6da36dc327692a39d7f8_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - msedge.exe (PID 3780, crashpad-handler, child of 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb70f746f8,0x7ffb70f74708,0x7ffb70f74718
  - msedge.exe (PID 4044, gpu-process, child of 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6951567233367890770,8021275742153604048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  - msedge.exe (PID 2536, utility: network.mojom.NetworkService, child of 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6951567233367890770,8021275742153604048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4852, utility: storage.mojom.StorageService, child of 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6951567233367890770,8021275742153604048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  - msedge.exe (PID 3516, renderer, child of 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6951567233367890770,8021275742153604048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  - msedge.exe (PID 5032, renderer, child of 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6951567233367890770,8021275742153604048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - msedge.exe (PID 3324, renderer, child of 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6951567233367890770,8021275742153604048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  - msedge.exe (PID 388, renderer, child of 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6951567233367890770,8021275742153604048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  - msedge.exe (PID 1792, gpu-process, child of 2112)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6951567233367890770,8021275742153604048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2996 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 1836)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 4244)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads