Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-01-2025 15:01
Behavioral task behavioral1
Sample: JaffaCakes118_cb2045801cc12ea04993be975ff6e245.html
Resource: win7-20240903-en
Behavioral task behavioral2
Sample: JaffaCakes118_cb2045801cc12ea04993be975ff6e245.html
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_cb2045801cc12ea04993be975ff6e245.html
Size: 236KB
MD5: cb2045801cc12ea04993be975ff6e245
SHA1: 5a24fa858cd16044917b535e782bae3c5017c49f
SHA256: 3e38139a1522ae0072432793668ca41bc5c0fe4ba05cbfdcc44ef285b5d5b7c1
SHA512: cb36e81e6de66a0b55dcac7367c54cb1dda0dd213f07ca7254453548bc8ffd2c6af219be11de5084e1fae7585c0564a894a91cdb7d193cdffb0e5f6190bbcb2f
SSDEEP: 3072:4f6QcITclgtyk4HMglOly5265BaxZOf3T1F2zt0fkbE1hF4qsOh5FaEXrlm:4jZTczb52651f5FDfIh
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  2696 | msedge.exe
  2696 | msedge.exe
  3908 | msedge.exe
  3908 | msedge.exe
  1912 | msedge.exe
  1912 | msedge.exe
  1912 | msedge.exe
  1912 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  pid | Process
  3908 | msedge.exe (all 5 entries identical)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3908 | msedge.exe (all 25 entries identical)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3908 | msedge.exe (all 24 entries identical)
- Suspicious use of WriteProcessMemory (64 IoCs; the distinct rows are shown, each repeated several times in the original table)
  description | pid | Process | procid_target
  PID 3908 wrote to memory of 2848 | 3908 | msedge.exe | 83
  PID 3908 wrote to memory of 3824 | 3908 | msedge.exe | 84
  PID 3908 wrote to memory of 2696 | 3908 | msedge.exe | 85
  PID 3908 wrote to memory of 3832 | 3908 | msedge.exe | 86
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3908)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cb2045801cc12ea04993be975ff6e245.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2848)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd22fd46f8,0x7ffd22fd4708,0x7ffd22fd4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3824)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2696)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3832)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3616)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1844)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3676)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:2144)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3260)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:1912)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID:4552)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID:3140)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID:2860)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads