Analysis
- max time kernel: 145s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/09/2024, 00:33
- Static task: static1
- Behavioral task: behavioral1
  Sample: fd74a95806674023b600f4dd3d0007b6_JaffaCakes118.html
  Resource: win7-20240708-en
- Behavioral task: behavioral2
  Sample: fd74a95806674023b600f4dd3d0007b6_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
- Target: fd74a95806674023b600f4dd3d0007b6_JaffaCakes118.html
- Size: 57KB
- MD5: fd74a95806674023b600f4dd3d0007b6
- SHA1: b1492ac9549f1928badfb7bcd04cde19a57199ac
- SHA256: 472209a97f9db4c2a64d86979e1eeaf4a0cad6fcfe3f419583e45f52355895fa
- SHA512: 0546efa2e12c11576b1bbb5440d2dadb3339255992ff590eaf5288d64033a1c92598be3ef0a3764154a6798735fa15c87639101f4ae83e8ea06ec5b359933982
- SSDEEP: 1536:ijEQvK8OPHdyA3o2vgyHJv0owbd6zKD6CDK2RVro9CwpDK2RVy:ijnOPHdyp2vgyHJutDK2RVro9CwpDK2m
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process              count
  4880  msedge.exe           2
  1152  msedge.exe           2
  1808  identity_helper.exe  2
  2608  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid   Process     count
  1152  msedge.exe  10
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process     count
  1152  msedge.exe  25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     count
  1152  msedge.exe  24
- Suspicious use of WriteProcessMemory (64 IoCs; distinct rows shown)
  description                       pid   Process     procid_target
  PID 1152 wrote to memory of 1268  1152  msedge.exe  84
  PID 1152 wrote to memory of 4932  1152  msedge.exe  85
  PID 1152 wrote to memory of 4880  1152  msedge.exe  86
  PID 1152 wrote to memory of 932   1152  msedge.exe  87
Processes
- msedge.exe (PID 1152)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fd74a95806674023b600f4dd3d0007b6_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 1268)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f4718
  - msedge.exe (PID 4932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  - msedge.exe (PID 4880)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  - msedge.exe (PID 4280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  - msedge.exe (PID 716)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - msedge.exe (PID 2688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  - msedge.exe (PID 4452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  - msedge.exe (PID 1184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  - msedge.exe (PID 2044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  - identity_helper.exe (PID 1176)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  - identity_helper.exe (PID 1808)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 4732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  - msedge.exe (PID 3512)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  - msedge.exe (PID 4748)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  - msedge.exe (PID 3140)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  - msedge.exe (PID 2608)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,13177997791944884796,4255294881207822783,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3040 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- CompPkgSrv.exe (PID 1876)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- CompPkgSrv.exe (PID 3548)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads