16cfebf8c1f9127a2e0ef078f279973d8ab408af9d0e99f7c6f9a07f1e728239

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
Size

8KB
MD5

fceb7dd8c689393582389866208cf6fe
SHA1

79cdea8594ca6d58161e008b22aae5f0c149e94d
SHA256

16cfebf8c1f9127a2e0ef078f279973d8ab408af9d0e99f7c6f9a07f1e728239
SHA512

01388fae7fe75d77dc7e3cc03aa7a09cb04164d65a4ef7ffe561c7587c42f62c7f5a8eaeaebf16f6d422fef39a6171322cbd819b04e45afd701928c8f02c9fef
SSDEEP

192:ybjmJpxbq1ecenPiyCLGHbjmJzXYWu8+M:ybyPxTXPiypHbytX/

Score

7^/10

microsoft phishing

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2248	fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
5752	fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE

Detected potential entity reuse from brand microsoft.
phishing microsoft
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
1728	msedge.exe
1728	msedge.exe
2616	identity_helper.exe
2616	identity_helper.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe
5612	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe
1728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 2248	3984	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	90
PID 3984 wrote to memory of 2248	3984	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	90
PID 3984 wrote to memory of 2248	3984	fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe	90
PID 2248 wrote to memory of 1728	2248	fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE	96
PID 2248 wrote to memory of 1728	2248	fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE	96
PID 1728 wrote to memory of 1432	1728	msedge.exe	97
PID 1728 wrote to memory of 1432	1728	msedge.exe	97
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 2184	1728	msedge.exe	98
PID 1728 wrote to memory of 3880	1728	msedge.exe	99
PID 1728 wrote to memory of 3880	1728	msedge.exe	99
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100
PID 1728 wrote to memory of 3092	1728	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
  "C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff94f6a46f8,0x7ff94f6a4708,0x7ff94f6a4718
      4⤵
      PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
      4⤵
      PID:2184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
      4⤵
      PID:3092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      4⤵
      PID:5032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      4⤵
      PID:4448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
      4⤵
      PID:440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
      4⤵
      PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
      4⤵
      PID:600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
      4⤵
      PID:4348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      4⤵
      PID:5364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
      4⤵
      PID:5372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
      4⤵
      PID:5828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
      4⤵
      PID:5908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
      4⤵
      PID:5520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
      4⤵
      PID:5300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
      4⤵
      PID:2392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
      4⤵
      PID:5152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13102627855753652645,11922487750428297360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:5724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ff94f6a46f8,0x7ff94f6a4708,0x7ff94f6a4718
      4⤵
      PID:5740
- C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE
  "C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE"
  2⤵
  - Executes dropped EXE
  PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0x40,0x108,0x7ff94f6a46f8,0x7ff94f6a4708,0x7ff94f6a4718
      4⤵
      PID:6096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:4672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff94f6a46f8,0x7ff94f6a4708,0x7ff94f6a4718
      4⤵
      PID:5956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
33KB

MD5
700ccab490f0153b910b5b6759c0ea82

SHA1
17b5b0178abcd7c2f13700e8d74c2a8c8a95792a

SHA256
9aa923557c6792b15d8a80dd842f344c0a18076d7853dd59d6fd5d51435c7876

SHA512
0fec3d9549c117a0cb619cc4b13c1c69010cafceefcca891b33f4718c8d28395e8ab46cc308fbc57268d293921b07fabaf4903239091cee04243890f2010447f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
65KB

MD5
9a80311c00840f8d5aff885a15cd21fe

SHA1
944817a9cbfc5fc3cae13255778fde09c512b968

SHA256
f8439632806e71775c8b8bfb3cb9589a5ccdfcca379c74297a7ce71e08f971d5

SHA512
282a12cb2ebd662dedc78ef58682e212de48e03954fb6e5e2cfb33e49a7e6f9d9abe16276b4e54c659ec25a8de8302df91c90bbf2410c2d8d2b89241bdeccf7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
79KB

MD5
e51f388b62281af5b4a9193cce419941

SHA1
364f3d737462b7fd063107fe2c580fdb9781a45a

SHA256
348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c

SHA512
1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
581KB

MD5
78bf08c32af19ca1ad723fe41bac1232

SHA1
81c01f0f00474aea9d5d441df2cd2086a3788bd8

SHA256
bf761cca9045e1eefec63e0335177be474776e2a2dd40a1ca275543e37b06a4c

SHA512
9df51f0e9b14f3b738a662261716e58c6350f80ccd8006a383abe85edc09b66bf8b1f87c4b77d849ab38daf509c3bcde67043604baf13c722eaff24e5b683e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
259KB

MD5
34504ed4414852e907ecc19528c2a9f0

SHA1
0694ca8841b146adcaf21c84dedc1b14e0a70646

SHA256
c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810

SHA512
173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
34KB

MD5
522037f008e03c9448ae0aaaf09e93cb

SHA1
8a32997eab79246beed5a37db0c92fbfb006bef2

SHA256
983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7

SHA512
643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
17KB

MD5
240c4cc15d9fd65405bb642ab81be615

SHA1
5a66783fe5dd932082f40811ae0769526874bfd3

SHA256
030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07

SHA512
267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
77KB

MD5
fea53bba61fc870cf11f9319b6dc8dac

SHA1
1d3f336a59c0d3a02bf266f97730e181e99b9863

SHA256
8e782162edc85a716a26a328b6e78765bf4056bae5f41a1fb449413cf6486264

SHA512
3be6a4f2877429489f4d04ce0363933ddc8f9e77e2bd587cf04a4c1fecbc44005896b4641cc21e18a156e5643a345fca7ad197bc07744c3051061cd31441923f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
17KB

MD5
9d54aea8133fc8cc3dcae9ecaff9ef95

SHA1
e9eb3e8f79b2ae8f096a2079f9fa5cde72878b13

SHA256
43d0f83450a823f30b31ddaa4bf709efbd6091ac7f0669ada5533d989cb0cf01

SHA512
2166d2d341f2a7f9b9b47f9977b00b0cc7ae933140cfcad11a081e5e67a469d81b0ae7feb727e8d91a48b1631c5934eaebda9a8caa0cffd524dc9cc73824ba4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
79KB

MD5
049412f03408193f0103637411b42627

SHA1
540da51436d5a9e305bb113fd522b91448348813

SHA256
ba778d4f93dbb62ed50333a967dbc34bb1fd5c9b45ed90b7366d72bd6a2955db

SHA512
90f11094e997cbfa3593fe6a365b0d942ee03eaa9512ab73c0b6d7cae409f7e0b2b15118944fb4dc113169f2ba900ebbce9bec8ee34c3832c5579f217b784aed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
8b5b7b796d252b0a8379360bebe5633b

SHA1
b8a48bccf01e0041cc2efe421a8ddf4d1050c052

SHA256
ede21f04f6c875c11ee2384e73d0d81a42ae10eef149593af651dfaa962bf580

SHA512
8d5e26e605ddc554edc402771f8673669307a0bf5d2105f380177bac2700094c2b0e79a154750a1b7bb826dbea886f5530a10020e59f26b5c734d1e81ea001da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8be00cbc9c281f8e27af136966505d11

SHA1
aef52e4f0f3dbf0b178a6453901f12b311d2320e

SHA256
5fcc161196acdefecbc62103ae01e0bb39b0e6a541ddbd18dbc877ce3510689e

SHA512
62549ec03774c10f8a99cfc10e0196ac1ec44e950dd60a48b7afa7f8df419e281145eba4e232704c81c8f1f4a1a6b9d27a859c790e2b874edfb4825a3ff574a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5630bf64f38633298ba2bc0abadcc06a

SHA1
0ff1e115da3f4338e03f2d01251514e8d7405407

SHA256
82dbdcf1c7686c167d092daaf33c1cc1436b727d216dd66b2b4c818e7592dca7

SHA512
6871cb56848220b9cacb76e0fef636b98588c69272cd5c96092bcbac08b161a7f441bd2df0ca23f971467435b4c5619f539b77259fac27bb0238cd798bb19c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6bd642cd8cfa3b3a0e9efdb4df5052ec

SHA1
2ca532e2c0f53548d042ae48acbcc14dba8f809f

SHA256
919a56299cfa868570871467e8318b60c5830cb54b0746162f6ffe51e604a9c4

SHA512
ee8e299672a1c8da76caa2b511689fc0fd07b6649fa66271b67e8227a9fba344734476e9f0f181cdceeffc669f920e3ed2f6e88ed0b649fe7e7c24898a98614d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
866fc62489eb9bef5ddbbf0624637987

SHA1
8df699fa6d9ff7a850cb0c43df7c5845138cf381

SHA256
1650bc3193ac5468e0e6c1c96545c3c5d5d62ff4012784fc96557a5f1c980f2c

SHA512
878ac39f4216b0d346724a9569817879dd34d5983d3f31edc79be132ae5f6cf52f9d84c3fe75cb1fec749bdac1c736c4cc9e5aeb17f25fec7055f29cfa25e6a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
585f5ba36872d7a1a94ffd101f75adfd

SHA1
3d8313d99d4a1edd8d814017d7caf23860588083

SHA256
efff464732342933f7184a7c2299df286843aeb1a4613885f2f8162301f24f46

SHA512
9c332b8019636d890f4db487d7776a76d771d085010b2b53537ba0755b0c747d2fe8a7fcdd69320cf4cd036a57766ad45911935e4e85668a144301c4f75b2ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
480aff9326afacde11713a4f464ba51a

SHA1
959f3499df844da04058b63df61b613e5b79bd5e

SHA256
f7621aea689628a4c479f163bf9a08d4e862b6c90879e88d897009a713ae390f

SHA512
45ba5841279346607f899c5036058a05638ce0894f98c2db0f1fc292ad592df1d682f1f1ae059941f3a9c25f00d43733124b70161c33e7febe9257b5a3169828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a558.TMP

Filesize
371B

MD5
5b0985c2ef086a5a8cd56d40028dfb91

SHA1
372a61465faff514165c61219e59e273047e9608

SHA256
71d260a3314c60b86a78dac664e1c387d112a0731a1f6fa91ff8b96bf7646cd4

SHA512
57db006e00a72d29d7b040028baf55b184491bde20106b1c294a298625abd204358c9247925d188145337b8ba6bc45de2569113aabbaf5144d0bd15c26e7935f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e6c716de-176d-44da-a113-7fd4311c52eb.tmp

Filesize
6KB

MD5
62abc4b5f19cdf6bd460650f83a5ff4d

SHA1
e8ebfba67abd92ef1e98337f09d814e6eb0f4fad

SHA256
68a3875bec00e885d7d847c82d10815d756d10d9bad992d4dfdb39c37565c808

SHA512
ee408b7139a92dc672490152b35071c5afa723ddbc6208121dd50890a1271d92869138c605b43bbb07970e78c901ac7fcea63111db0bb3fe262586c6698cc7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58ea86624b993fc3a47c060920562984

SHA1
e6397d8c256abbd7ae1f151ff99c28fa7d6ecbc6

SHA256
15a2c10eb524355e6cad9834a98f5522013adb315ebaa848aa7fecc351bd1450

SHA512
52ed622be05f490e3afd32aa94e0628520eb2c326b5f6b9256e456acc3864a229ac57aa64b735770047a4bbd964dfc61c039854bae00efd02af88545b5d71438

Download Submit
C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE

Filesize
8KB

MD5
08b7fdc19e5b40345457d3f50acd6745

SHA1
90dfd55502d45ab097ed2f27e6b8a0827f23b777

SHA256
d2cc75c407531d02867cb910d72675b256f5e167f64c767d62da4c46c606a127

SHA512
205d548ea369328241dfd62de472037685c5a4cfcb6ea7dd30a28a4c7dbeae3b9e269d9a124bf846cd0cc420f4ade4498417423ebf962cc58c655f51f79621e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\fceb7dd8c689393582389866208cf6fe_JaffaCakes118 .EXE

Filesize
8KB

MD5
ea0fd1d89d4aa3e52ca3f2a3936d5c90

SHA1
ebf8372fb21e6b6703a34c9f48b9493b9d0a75df

SHA256
a291cb0ab6ab78a72d36867118a6cfb9bc0e968a53d2c22f41cb721c419300b0

SHA512
3d422af7e7d9ba7b422af0662470cbdf1bcb399d0508e7b7ba10edaf97cbb539c09d567bf6d87a4377f2fb0945d80c9cbd0be4c0cf0dcf6ff244cf665bc49c58

Download Submit