Analysis

max time kernel: 145s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-10-2024 10:09

Static task: static1
Behavioral task: behavioral1
  Sample: 2f3b22c324e98a589069e07817962cb7_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2f3b22c324e98a589069e07817962cb7_JaffaCakes118.html
  Resource: win10v2004-20241007-en

General

Target: 2f3b22c324e98a589069e07817962cb7_JaffaCakes118.html
Size: 16KB
MD5: 2f3b22c324e98a589069e07817962cb7
SHA1: 49a4c61b25cd1c3954a3668d4fcb9c2cb32ed2f9
SHA256: b05eeed65972af50f14b6aedd965c8b161c4d877868bcdf9620fe6f7cc8f6ae6
SHA512: 9ad852ab66b8011115a07d13d33d64737d955b53e2d490b70a47a842d5c181f4fcb0eaab758dd518af8a9d34ac63ce4b23d6f4b329b9f8ccb9730e817e931ec6
SSDEEP: 384:bDc95tXQuhw0vOkxB1ZWYD0kePaB/SbPqHCH2V:/c9XQue3g1jte5rqHC8
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process              entries
  3428  msedge.exe           2
  4560  msedge.exe           2
  2672  identity_helper.exe  2
  2632  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   process     entries
  4560  msedge.exe  9

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process     entries
  4560  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     entries
  4560  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 4560 wrote to memory of 4000  4560  msedge.exe  83   (2 entries)
  PID 4560 wrote to memory of 3892  4560  msedge.exe  84   (repeated)
  PID 4560 wrote to memory of 3428  4560  msedge.exe  85   (2 entries)
  PID 4560 wrote to memory of 516   4560  msedge.exe  86   (repeated)
  All 64 entries have the browser process 4560 as the writer; the 3892 and 516 rows account for the 60 entries not listed individually. Each target PID appears further down as a direct child of 4560 in the process tree.
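The WriteProcessMemory and NtCreateUserProcessBlockNonMicrosoftBinary signatures above all have the browser process (PID 4560) as the actor, and every write target is a helper that 4560 itself launched with a Chromium `--type=` argument (crashpad handler, GPU process, network and storage services). That is how a Chromium-based browser sets up its child processes, so the signatures on their own do not separate this sample from a clean page. The following is an added example, not part of the sandbox report: a small Python triage that cross-checks each reported (writer, target) pair against the process tree listed later on the page. The `Proc` records are transcribed from the report with command lines shortened to the flags the rule inspects; the rule, the labels and the helper names are this example's own; and the write from 4560 into CompPkgSrv.exe (PID 1488) is a constructed negative case that the report does not contain.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    """One process-tree entry: pid, parent pid (None for a tree root), image name, key arguments."""
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Transcribed from the report's process tree: depth-1 entries are roots, depth-2 entries are
# children of the msedge.exe broker (PID 4560). Command lines are shortened to the arguments
# the rule below looks at. identity_helper.exe and CompPkgSrv.exe are included so that the
# negative cases resolve to processes that really appear in the report.
PROCESSES: Dict[int, Proc] = {
    4560: Proc(4560, None, "msedge.exe",
               r"--single-argument C:\Users\Admin\AppData\Local\Temp\2f3b22c324e98a589069e07817962cb7_JaffaCakes118.html"),
    4000: Proc(4000, 4560, "msedge.exe", "--type=crashpad-handler"),
    3892: Proc(3892, 4560, "msedge.exe", "--type=gpu-process"),
    3428: Proc(3428, 4560, "msedge.exe",
               "--type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none"),
    516: Proc(516, 4560, "msedge.exe",
              "--type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility"),
    2892: Proc(2892, 4560, "identity_helper.exe",
               "--type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none"),
    1488: Proc(1488, None, "CompPkgSrv.exe", "-Embedding"),
}

# Distinct (writer pid, target pid) pairs from the "Suspicious use of WriteProcessMemory" table.
REPORTED_WRITES: List[Tuple[int, int]] = [(4560, 4000), (4560, 3892), (4560, 3428), (4560, 516)]


def classify_write(writer: int, target: int, procs: Dict[int, Proc]) -> str:
    """Label one cross-process write using only parent/child and command-line evidence.

    own-child-helper   target is a direct child of the writer, same image, launched with a
                       Chromium --type= argument: the broker setting up a helper it spawned.
    child-other-image  direct child, but a different executable: worth a second look.
    foreign-process    target is not a child of the writer at all: treat as injection until
                       proven otherwise.
    unknown-process    one side is missing from the tree, so nothing can be concluded.
    """
    w, t = procs.get(writer), procs.get(target)
    if w is None or t is None:
        return "unknown-process"
    if t.ppid != writer:
        return "foreign-process"
    if t.image == w.image and "--type=" in t.cmdline:
        return "own-child-helper"
    return "child-other-image"


def triage(writes: Iterable[Tuple[int, int]], procs: Dict[int, Proc]) -> Dict[str, str]:
    """Map every 'writer->target' pair to its label."""
    return {f"{w}->{t}": classify_write(w, t, procs) for w, t in writes}


def needs_review(writes: Iterable[Tuple[int, int]], procs: Dict[int, Proc]) -> List[str]:
    """Return only the pairs an analyst should look at (anything but own-child-helper)."""
    return [pair for pair, label in triage(writes, procs).items() if label != "own-child-helper"]


def unsandboxed_children(procs: Dict[int, Proc], parent: int) -> List[int]:
    """Children of `parent` launched with --service-sandbox-type=none, i.e. helpers that run
    without a service sandbox and therefore deserve more scrutiny than sandboxed ones."""
    return sorted(p.pid for p in procs.values()
                  if p.ppid == parent and "--service-sandbox-type=none" in p.cmdline)


if __name__ == "__main__":
    for pair, label in triage(REPORTED_WRITES, PROCESSES).items():
        print(f"{pair:12} {label}")
    print("needs review:", needs_review(REPORTED_WRITES, PROCESSES))
    # Constructed negative case: a write from the broker into CompPkgSrv.exe, which the report
    # does not contain, is flagged because 1488 is not a child of 4560.
    print("4560->1488:", classify_write(4560, 1488, PROCESSES))
    print("unsandboxed children of 4560:", unsandboxed_children(PROCESSES, 4560))
```

Run against the report's own pairs, `needs_review` returns an empty list, which is the point: every write goes from the broker into a sandboxed helper it spawned. The same rule flags the constructed write into CompPkgSrv.exe as `foreign-process`, and `unsandboxed_children` singles out the network service and identity_helper.exe, both of which the report shows running with `--service-sandbox-type=none`.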
Processes

msedge.exe (PID 4560), tree root
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f3b22c324e98a589069e07817962cb7_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 4000), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a2d746f8,0x7ff9a2d74708,0x7ff9a2d74718

  msedge.exe (PID 3892), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

  msedge.exe (PID 3428), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 516), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

  msedge.exe (PID 232), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1

  msedge.exe (PID 5116), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  msedge.exe (PID 4272), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

  msedge.exe (PID 2264), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

  msedge.exe (PID 1556), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

  identity_helper.exe (PID 2892), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8

  identity_helper.exe (PID 2672), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4924), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

  msedge.exe (PID 3672), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1

  msedge.exe (PID 3244), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

  msedge.exe (PID 4884), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

  msedge.exe (PID 2632), child of 4560
    Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9448774623681612984,2081380483902918367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 1488), tree root
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 2772), tree root
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 152B
MD5: dc058ebc0f8181946a312f0be99ed79c
SHA1: 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256: 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512: 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa
-
Filesize: 152B
MD5: a0486d6f8406d852dd805b66ff467692
SHA1: 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256: c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512: 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a
-
Filesize: 213KB
MD5: f942900ff0a10f251d338c612c456948
SHA1: 4a283d3c8f3dc491e43c430d97c3489ee7a3d320
SHA256: 38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6
SHA512: 9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41
-
Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 312B
MD5: 09df570a74f8947cc1f54948541fa165
SHA1: d88676e8468148384a3adde42fb43a037cea271c
SHA256: d128707a7a63dbb7c408c7dc1d08a447dbfe81286a19fa3b202b1e5bcc192e04
SHA512: b35b536e932b0562b839129254c1f53338dc37e0cc591acb4ce27fac2ce96cee9ca5b23ddf0cd1c2662cb51b5023289ef6f8ca28dcffbfb8405f1074afec9408
-
Filesize: 1KB
MD5: 4c519159d8aeb5c5843e84c627079049
SHA1: 97de056d8157be511df91dda6b971b06f59204b8
SHA256: ae78a3bcf34e5ce53a95156189ecb8a40307c1af4ea570ef4708eb63a1e7052f
SHA512: a5832b7e5dc4a98e03d20ab718a5f56a0d4155b7d16d0aeab067998efaffb5e0f99eebac5b21659210a3391b1a31f483713302e0ea72a427949012bda9450eee
-
Filesize: 6KB
MD5: eb76b656488d290be8fde4ff05d9f3b6
SHA1: 255c51c8d8873d8564c893df2a01a9b2a59be5ee
SHA256: 02345a96eddb9bf0b533c0b85fb72843ccb649c62d17e19b3d76e05adf11a40c
SHA512: 98778c1c752c1c0ded160344467ccb605d7970b15d02586231880dc50a52b8bbc704b6fa1dcdc9386f425d518abfc70a0f1248d93026ffdd4832abf17bb47c02
-
Filesize: 6KB
MD5: bb3e1bfd2b4bc2bc0553d84e5f191009
SHA1: e70f7e9e98dc7ed85579003a5714b6c196147bde
SHA256: 6e57bd8dce7875b13875f47511a2016a423f5629071309f87a53d08453ac4ea8
SHA512: 6604449fee7bc9ad2c0ac70edc9b7c76c544117750ed6c340c982e1fbb0830bf1aab671f713f8ca1befafdba183bf4df38a16dbc2c4263cc7d0366c8e02945d0
-
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize: 10KB
MD5: 74d87c191760ee1659a9f8390720e65f
SHA1: deb97c17372b5351c9f8deed68145ea62bd7d98a
SHA256: 7053703e23cf86b52c85de75d9e9d33c6a73d09c249bc90cf0cddf66ff7b4594
SHA512: 2b6a0a053a91cc714099f9824fbbcace2255f3cdf2fd1b00491295dd4443293fbdad4c082c4db265e6d886a81cdbfe422b988f4d25d85a2c19e05849df40cd4b