Analysis
max time kernel: 143s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/10/2024, 20:22

Static task: static1

Behavioral task: behavioral1
  Sample: 7ab3808939d2f298e7733b8047188d24_JaffaCakes118.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 7ab3808939d2f298e7733b8047188d24_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 7ab3808939d2f298e7733b8047188d24_JaffaCakes118.html
Size: 158KB
MD5: 7ab3808939d2f298e7733b8047188d24
SHA1: 746ea0a518165d466ed09205f8dff4908ce9cc03
SHA256: 45a6c3dbb7e3fff7b6267ee50bb0254a68f4685da9095971d05f004a21b8d3cc
SHA512: 98b6ce35505c14e38c0c57f4f41a2f87ebafc6da94cf4a871df89b83ffc040346f2478ee435472cefcdc733bc12603663237a257b04f916874c79b87ccefc1f5
SSDEEP: 1536:iGRTdTtcy7DLg+oocXryLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXu:isfwZXryfkMY+BES09JXAnyrZalI+YQ
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description         ioc                                                                    Process
Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid    Process
3256   msedge.exe           (2 entries)
5116   msedge.exe           (2 entries)
3244   msedge.exe           (4 entries)
2568   identity_helper.exe  (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid    Process
5116   msedge.exe           (6 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid    Process
5116   msedge.exe           (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid    Process
5116   msedge.exe           (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description                        pid    Process      procid_target
PID 5116 wrote to memory of 4176   5116   msedge.exe   84             (2 entries)
PID 5116 wrote to memory of 2632   5116   msedge.exe   85             (40 entries)
PID 5116 wrote to memory of 3256   5116   msedge.exe   86             (2 entries)
PID 5116 wrote to memory of 5028   5116   msedge.exe   87             (20 entries)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\7ab3808939d2f298e7733b8047188d24_JaffaCakes118.html
  PID: 5116
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 5116:

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8666a46f8,0x7ff8666a4708,0x7ff8666a4718
    PID: 4176

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
    PID: 2632

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    PID: 3256
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
    PID: 5028

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    PID: 4596

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    PID: 4884

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4692 /prefetch:2
    PID: 3244
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
    PID: 1308

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
    PID: 2568
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
    PID: 1200

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
    PID: 448

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    PID: 628

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,5193673380325008627,13206692347626523623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
    PID: 4456

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4992

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3244
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: fab8d8d865e33fe195732aa7dcb91c30
SHA1: 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256: 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512: 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Filesize: 152B
MD5: 36988ca14952e1848e81a959880ea217
SHA1: a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256: d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512: d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Filesize: 5KB
MD5: e765fc034584bf9ae4204f27fa4e84d8
SHA1: c10323143476d9a755813615c86e9d0b4e59a2b7
SHA256: 1abf11acd37ee72013ba6b1ef9cc30766d0f9900c72c98824cb9fb4c7e85b10c
SHA512: 8b3c594b93feede5d854f4c306dbd5e59ce7a0e3e2812adffd60ad50f4a785d4c32ab2d733a5d4f77d0930f0c2ff3e378803d82169af02dd23d42eeaa1582f25

Filesize: 6KB
MD5: c37d9cb92c918c65813e4944c7dd222c
SHA1: 5d1e0059f2f79adc524195b6b9868218b7416aec
SHA256: edbb30432d6e7aa94de3e170064a0ef14e89351367ecbac6c931ff82582a5490
SHA512: 9e1b379338a999c7496cd0ad89cd01a2d8ead4a060bb24e79a68aa083bd2f63e5990de9f53a951e134bdc97a82f350322c945ff764a884b681665d9cba3359e3

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 86d3d22f4b94c584841e55000db77631
SHA1: b71fb53fd5a2e42c98aa87de3fef9852040227bf
SHA256: 988eb2f5b57420a64c9de83132f2e1b9d5f51248293c58d565a2fcb91cf78ace
SHA512: efa37e4ea1b2c88a20d173b651e052ec79adcb440c245763db902affcd44ac7115aa58ced9b842ff4fb1cba5892fc012fb1eaa3b997d38f6e78d3f26c13d5aea