Analysis
max time kernel: 145s
max time network: 142s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/01/2025, 14:57
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c.html
  Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c.html
Size: 13KB
MD5: 40be2a9ca30beb08f5c1f6ad89e6cf4c
SHA1: 83f162649d78daea375cc9125adc981875fe4684
SHA256: 0e020d6f5e75fffe845137171a6a965b212f1d24ab515f821acf4073769c2930
SHA512: 545301db4e7921d21e05b9406aa5d05509c7756f412ffd158237ed15a4a404c5e10908e777e7562f0004b2a82c293ef75b3a352c5c3e2b956da2f7131c9f3bd1
SSDEEP: 192:BOZyrhp5jcNhnT0VQJy3M69u0o8YHUD+U9TnsggT13QSzBbRxXP6QhduXTtaWPQT:BOO1cgnTnseuXRair7I86NE62V
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid | Process
3952 | msedge.exe (2 entries)
4932 | msedge.exe (2 entries)
3712 | identity_helper.exe (2 entries)
4384 | msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid | Process
4932 | msedge.exe (10 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process
4932 | msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4932 | msedge.exe (24 entries)
Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
description | pid | Process | procid_target
PID 4932 wrote to memory of 3172 | 4932 | msedge.exe | 82 (2 entries)
PID 4932 wrote to memory of 3336 | 4932 | msedge.exe | 83 (repeated)
PID 4932 wrote to memory of 3952 | 4932 | msedge.exe | 84 (2 entries)
PID 4932 wrote to memory of 1936 | 4932 | msedge.exe | 85 (repeated)
Processes

Level 1: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4932)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_40be2a9ca30beb08f5c1f6ad89e6cf4c.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3172)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e4f646f8,0x7ff9e4f64708,0x7ff9e4f64718

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3336)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3952)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3268)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4980)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5056)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 748)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2948)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1416)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4296)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4316)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4180)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3700)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

  Level 2: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,259221535045617791,973069055750146045,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

Level 1: C:\Windows\System32\CompPkgSrv.exe (PID 3020)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Level 1: C:\Windows\System32\CompPkgSrv.exe (PID 3384)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads