Analysis

max time kernel: 145s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-10-2024 00:02
Static task: static1

Behavioral task: behavioral1
  Sample: 3779fb116ed3e530ee6d3359397c25c8_JaffaCakes118.html
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: 3779fb116ed3e530ee6d3359397c25c8_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General

Target: 3779fb116ed3e530ee6d3359397c25c8_JaffaCakes118.html
Size: 390KB
MD5: 3779fb116ed3e530ee6d3359397c25c8
SHA1: 0c8abe23b01b35976534349d4d6cfea6aa17be59
SHA256: f24c1524d81649dbd440574aef0802b16ff423191e15f837f87428bdbd1623ff
SHA512: ede8fa0f5d5b8c3d6133c4e002c404514d096df46f798cceec99597c997efb1ecf3a78cdb0b77aaec687e206cffe3449da492e9a5cff9057d2e9da60ae3c2792
SSDEEP: 3072:UfMvJhFypzTJ9nVLj9dWLNE7qc8+L+D8JP+Radnb5OQQsD/E1Djk1iGo11:mMom8L+IJHnm
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  4420  msedge.exe           (2 entries)
  3184  msedge.exe           (2 entries)
  4408  identity_helper.exe  (2 entries)
  4856  msedge.exe           (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  pid   Process
  3184  msedge.exe  (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3184  msedge.exe  (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3184  msedge.exe  (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3184 wrote to memory of 2016  3184  msedge.exe  83  (2 entries)
  PID 3184 wrote to memory of 3480  3184  msedge.exe  84  (40 entries)
  PID 3184 wrote to memory of 4420  3184  msedge.exe  85  (2 entries)
  PID 3184 wrote to memory of 4832  3184  msedge.exe  86  (20 entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3184)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3779fb116ed3e530ee6d3359397c25c8_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 3184:

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2016)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6dfa46f8,0x7ffa6dfa4708,0x7ffa6dfa4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3480)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4420)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4832)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4788)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1436)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2416)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4408)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2040)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3212)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2208)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4072)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4856)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17322212022623008780,9347819018341736325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4672 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 2708)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3552)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: b8880802fc2bb880a7a869faa01315b0
SHA1: 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256: 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512: e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Filesize: 152B
MD5: ba6ef346187b40694d493da98d5da979
SHA1: 643c15bec043f8673943885199bb06cd1652ee37
SHA256: d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512: 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1e4134ed-ecb2-45bb-b1f6-8b9213b202b0.tmp
Filesize: 6KB
MD5: 93b0deeeccb3ea4f9849e9990f68521a
SHA1: 7409d28aad7655c19c84c981c5d2b513953f5094
SHA256: 0e2d06584a26ff1fec02c87d3d311da927fb499317db0f727b4aef4bb0ce8037
SHA512: 5cc0e8aaaacd318efe1f2ca811406ccb0a4145f7f7c2fef5a2342920fc79053a2f0df4b03594ffa150555cf4508e796ba6281ef874a1bb65e0ae519ff244906c

Filesize: 253B
MD5: 7567a9167adfa51fa39feffc19925148
SHA1: 76f6b5f7d5265aa42f3535d732ed4fa93ba8cbb2
SHA256: ace205cd18991b86a4bd3adee5534224e611eeddb36929a57c1ea2004eb35463
SHA512: 7e74aacfff82f5f32a90cb8369e78deb0da8979f9962bc51411c53921765f4b16ff3bb8b4d785aa0892a0bceb1d12d7db3e4315712d1cdcf00b367ec9712e468

Filesize: 6KB
MD5: 97a6c0a6a18303734322de2a0fff1775
SHA1: 3093e33300a4cf884d83627264545e42c4b6f71e
SHA256: 531b87d5dd2455af56f48419db895e148157ff645553dbf06350089fe486ec68
SHA512: 26be703f0a8555ea527e68ee8bc1284ae32bff34025b34b61a40e1ae836794b1edef60f44d475dfdf44a7b03c8182d280a5e6ed2bdee163a0f912a479efceba0

Filesize: 6KB
MD5: b15511f63f26566fa09bd224f82942a2
SHA1: d8022473a2244fc78fe87e2aed169d17aa6cb64c
SHA256: 1040ddc383d3d120ac489aa54b2abaf09c18a0677926cb44598209b40717ffbc
SHA512: b8ec4a1ca40fd9685858230f88f5aa72729dc068c57ef3f3eacbd4454586c260e2f5b68ad5f874bca0da92a4ad7ad61ae23d5f29a350fa23ec0cf2e5165d8ef6

Filesize: 537B
MD5: 120ef1821976ceb5cde4d7ca5e2535b1
SHA1: 5f515a7bd555eac244c2f5c50a8a1acbcd275c6a
SHA256: d28f010034be8e0f285d20f47556ee265832c9e4b0fd1e8e085ddc0a05985356
SHA512: 59610c268ab09ed74931dedadce48bd211d41ca6fcea87bcb428f79f2fccad9d806b125df067e01f265fe3ff37622f27b54a43440221743567bbd29d39d66c47

Filesize: 537B
MD5: 46a616e62646fbd3bc4349327235811f
SHA1: 3243a184154b788be057220b6cbae55cfdcfefe7
SHA256: 15848cdc9c919f8236541df8d0f3ba60d9206495e28dc9111043f2f03a0c6b6a
SHA512: e7b8b4365406d5304a3078c969a2a0643429edf2ae06f966dedf706547ed643208bd5975b994ffd50482266c2e328dba10ef59390ce2c6f12caee035d6f974ac

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
MD5: e94f1f1dd5159641855ccfe75d0ffdb3
SHA1: b8943963be3629c9fcce70fccdc155edeb55dd80
SHA256: bada7f0c8265e75295b8c6c1e224f678a74be914fdc736ed88f5e40150f1dffb
SHA512: 62905096da133a1652ab5846022e092d56e0dab0fb76f647f5ff15f8251fc395fbfbc1875e9860d795059cea0d72d5a689adfa98acbfac723411b27d471c63dc