Analysis
max time kernel: 140s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 28/10/2024, 16:23
Static task: static1

Behavioral task: behavioral1
  Sample: 7a690bdc5bcc7c124964a50e262ee941_JaffaCakes118.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 7a690bdc5bcc7c124964a50e262ee941_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 7a690bdc5bcc7c124964a50e262ee941_JaffaCakes118.html
Size: 155KB
MD5: 7a690bdc5bcc7c124964a50e262ee941
SHA1: eb0f3472fd2897f0c9be407afec6f46214dbf3ea
SHA256: 3ef842afebd57c5b7a34c7a52305a5a0aaf36956f5662c5f9f0a018884cf7f86
SHA512: 9b2e2cdc634c42ad75c0fe7fb349e1fc46045729c3708cc55a7cb370940a61d8f68938edac43d9c7c0c070e7d15018d2393485668375383b70c4be7eb9fa4778
SSDEEP: 1536:iTRT21hhFx6olXYyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:i9ap5YyfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process | entries
856 | msedge.exe | 2
2360 | msedge.exe | 2
3720 | msedge.exe | 4
3632 | identity_helper.exe | 2
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid | Process | entries
2360 | msedge.exe | 6
Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | entries
2360 | msedge.exe | 25
Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | entries
2360 | msedge.exe | 24
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | entries
PID 2360 wrote to memory of 4648 | 2360 | msedge.exe | 86 | 2
PID 2360 wrote to memory of 1084 | 2360 | msedge.exe | 87 | 40
PID 2360 wrote to memory of 856 | 2360 | msedge.exe | 88 | 2
PID 2360 wrote to memory of 2900 | 2360 | msedge.exe | 89 | 20
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2360)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7a690bdc5bcc7c124964a50e262ee941_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  Children:

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4648)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81e1e46f8,0x7ff81e1e4708,0x7ff81e1e4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1084)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 856)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2900)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4432)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2152)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3720)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3044 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4404)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3632)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5040)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 976)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5064)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4812)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13931520997849829283,13058686875311730614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 3128)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 880)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 10KB
MD5: 264ab9dded45c89ad392dfd074da3ba2
SHA1: b22270b27b3fb3f2473eb928b47cec3ad404bc5b
SHA256: 9ec9638972036f53a0cc042d64163262f3dadc2c5ad9c0d8245655e46889f6d1
SHA512: e6bf96fc980bff1468a545c96017d6a07b292152bf0063f1086e038b031d3ffbb3cc5c47f7bd27b87552683d1b6b389f6ee2c4fe4807cdbef66a25677da21166

Filesize: 152B
MD5: 56a4f78e21616a6e19da57228569489b
SHA1: 21bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256: d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512: c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Filesize: 152B
MD5: e443ee4336fcf13c698b8ab5f3c173d0
SHA1: 9bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA256: 79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512: cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Filesize: 6KB
MD5: 903c501d19069f2edaae225a82ca4bf0
SHA1: a52a3c98511ade4d6708c7b8435837c32015883b
SHA256: 33be4bf89653614f6cc2842dee0e736907a4a455edcb3b1fb297ec1f2b634a8b
SHA512: fca11354d7136ef21b0adb26bf222b9b52520b01fe4d05bd12f87cc3571c61c77703cb0633f8d959312e50475515ffd58656aa85e48990b1b64be57de5a2f671

Filesize: 5KB
MD5: c5f2ee87d198bdef43dc07cc0fa60776
SHA1: 8cba3881a9edb480499f39649c581e1bf5cd26ef
SHA256: b59ce2ce24c18de1c9ed10167b9cfec7d6da527cfdc9248b9ad31de0a7e5f0e2
SHA512: ad0fc852dac4cf2b4a5f86ab69af10dba282d990c656cac7d95710634c1ccec879dfca43e999657076fb05a756a1348d1b9e6a9a474e2ce8c8383a843f12e943

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389