Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 12-10-2024 09:28
Static task: static1
Behavioral task: behavioral1
  Sample: 3951f0a177f5ef0135d41ffd8b6eff21_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 3951f0a177f5ef0135d41ffd8b6eff21_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 3951f0a177f5ef0135d41ffd8b6eff21_JaffaCakes118.html
Size: 69KB
MD5: 3951f0a177f5ef0135d41ffd8b6eff21
SHA1: f4112433c9f1e1e80c240021086157aac7c88c96
SHA256: b9605b7da7f5f75a4341f5d703935b1209d3aab9663ab426b7d848a1b640073a
SHA512: f001c332e438552457bf132bad5d35ee17f4be577bbc97680ddfba92a8b4a488c8c8efd5813a2a09916d3fd7af93849a31d11a9773e6f5bc3273670499943b54
SSDEEP: 1536:gQZBCCOdi0IxCGHsY7vuRW9R9FkjXFo2zk7/wyZLhBbkaz5xYX5eYqYjZFoQ7n61:gk2c0Ix+Y7vuaR9FkjXu2zk7/wyZLhBP
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | Process | entries
  3120 | msedge.exe | 2
  2484 | msedge.exe | 2
  4996 | identity_helper.exe | 2
  1008 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid | Process
  2484 | msedge.exe (all 9 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2484 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2484 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
  description | pid | Process | procid_target
  PID 2484 wrote to memory of 4540 | 2484 | msedge.exe | 83
  PID 2484 wrote to memory of 5044 | 2484 | msedge.exe | 84
  PID 2484 wrote to memory of 3120 | 2484 | msedge.exe | 85
  PID 2484 wrote to memory of 3272 | 2484 | msedge.exe | 86
Processes

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3951f0a177f5ef0135d41ffd8b6eff21_JaffaCakes118.html
  PID: 2484
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd01646f8,0x7ffcd0164708,0x7ffcd0164718
    PID: 4540
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
    PID: 5044
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
    PID: 3120
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2372 /prefetch:8
    PID: 3272
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    PID: 4180
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    PID: 1608
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
    PID: 3096
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    PID: 4124
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
    PID: 4308
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
    PID: 2268
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
    PID: 4996
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
    PID: 5004
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
    PID: 208
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    PID: 2112
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    PID: 4140
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13724937740062379009,4254997055431769313,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
    PID: 1008
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 536
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4024
Network
MITRE ATT&CK Enterprise v15
Downloads