Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-01-2025 16:05
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_18dc3d873432dd2c7abaea4f61d96504.html
- Resource: win7-20241023-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_18dc3d873432dd2c7abaea4f61d96504.html
- Resource: win10v2004-20241007-en
General
- Target: JaffaCakes118_18dc3d873432dd2c7abaea4f61d96504.html
- Size: 129KB
- MD5: 18dc3d873432dd2c7abaea4f61d96504
- SHA1: a77f67346d942c9a19ca8ff5ebe2c94b6dd1fb00
- SHA256: 0f08445823bc1ea0d67a702920c8785bd25d1063ab259183307465db67ededc4
- SHA512: c8573ecbfd144a6d947a7ba58103d952a7a63baed1e450f73d4a826d7c4cb42d9daf72d11334fe4112d8e87dcd4bab177345025e68b0575013711a393b3350fb
- SSDEEP: 1536:bnJEEJXFioFCDrnDD9BVZfkj/f5w4w+iM:bLJXIoFCDrnfVZfM
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process
  4752 | msedge.exe (2 entries)
  2052 | msedge.exe (2 entries)
  4592 | msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (2 IoCs)
  pid | Process
  2052 | msedge.exe (2 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  2052 | msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  2052 | msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2052 wrote to memory of 4680 | 2052 | msedge.exe | 83 (2 entries)
  PID 2052 wrote to memory of 4924 | 2052 | msedge.exe | 84 (40 entries)
  PID 2052 wrote to memory of 4752 | 2052 | msedge.exe | 85 (2 entries)
  PID 2052 wrote to memory of 3692 | 2052 | msedge.exe | 86 (20 entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2052)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_18dc3d873432dd2c7abaea4f61d96504.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 4680, --type=crashpad-handler)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb753646f8,0x7ffb75364708,0x7ffb75364718
  - msedge.exe (PID 4924, --type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13031337267627019788,4907421883978376083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  - msedge.exe (PID 4752, --type=utility, network.mojom.NetworkService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13031337267627019788,4907421883978376083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3692, --type=utility, storage.mojom.StorageService)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13031337267627019788,4907421883978376083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  - msedge.exe (PID 5116, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13031337267627019788,4907421883978376083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  - msedge.exe (PID 1876, --type=renderer)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13031337267627019788,4907421883978376083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - msedge.exe (PID 4592, --type=gpu-process)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13031337267627019788,4907421883978376083,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 5100)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4804)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: bffcefacce25cd03f3d5c9446ddb903d
  SHA1: 8923f84aa86db316d2f5c122fe3874bbe26f3bab
  SHA256: 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
  SHA512: 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7
- Filesize: 152B
  MD5: d22073dea53e79d9b824f27ac5e9813e
  SHA1: 6d8a7281241248431a1571e6ddc55798b01fa961
  SHA256: 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
  SHA512: 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413
- Filesize: 1KB
  MD5: cb7a554846ad90fe9ee54a016d942c2c
  SHA1: 728dbed0cf5042bcf0c94e4ab09727195fd86962
  SHA256: 0f2c1fe07b44cdf4ae2f0bf76a138329a8e02c8a249ff8d71585c5a99bad4c99
  SHA512: 031a5b874b335004429937b7817db77dadb01d73c76534b1c3ae7f32f3b467fdda1cfdefe7859a297a88bd01ec5841f56a7bb24307b9e25489097c53689ea9d1
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 5KB
  MD5: 30ea81d450dc7955d1500095146e70ef
  SHA1: 953ab97e4c662ec62d2bde5e8fcf0f55089e53b1
  SHA256: c26b020d60bb47332e050ed447b7432b8dbc86358e5dd27ae9785a4087c12877
  SHA512: cad6a9cfe9f9a56ef357fd751aaab923e54acb6af23725df867863fa8ba6aa2922fa8bb906fc52d451d828c0788df605b785fe1595f38d1dee6355552ae42ed4
- Filesize: 6KB
  MD5: 5fa7bf54860abdee5e9296dfa419dc4f
  SHA1: a8cef1cb15fea6caf04688a87e78c1c06d03fb70
  SHA256: 9c491a9d8aa5384007b7d4c3b0d160ab176658ffaa023db1f073aac6b4000ce9
  SHA512: 6a0d6aea522835fb0bdbe452813495c80a1590c8d1dda565637c6925d9826353b41530ee57b6dab34505f7d008b9472d93d473ae89158336dcf672844b8945ad
- Filesize: 10KB
  MD5: 1fafd4cf493e8bdb407099506800e8fe
  SHA1: fecad862c74e68be039ca115cf24404add266476
  SHA256: d2a344a3bc3ba78d174c6cbc877a4225307ddabcd02c5d2e0f8408b4d80bb4e5
  SHA512: e72135aeda942f8d837becec075f6b5286eef8473cba0b375317b56dcdf1ce56f06d89a55ea918c00b8bd6633d3d043ba137324b1f16bcc3b57818b125e3e751