8a01ca1d8dac799b734b643b361f2add92eb64096643e8c55eb880ec4d51b11f

General

Target

65c5cceb7d7dfa11a1741e59d74c0438_JaffaCakes118.html
Size

218KB
MD5

65c5cceb7d7dfa11a1741e59d74c0438
SHA1

ce53cf393a2fc853fe6fbd4279c0553c8981a378
SHA256

8a01ca1d8dac799b734b643b361f2add92eb64096643e8c55eb880ec4d51b11f
SHA512

a3e6eb5bd9eeb12b5aa8d715efdbd4e5ba09fcebf6c569d11c0734659a62fa3b0db5201c135745cadbfa95715bd4b51c0b895b695d5e75a217f7dfa6c525114b
SSDEEP

3072:SoM6zByuQryfkMY+BES09JXAnyrZalI+YQ:SoMwBypOsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

2172 msedge.exe
2172 msedge.exe
2260 msedge.exe
2260 msedge.exe
2600 msedge.exe
2600 msedge.exe
2600 msedge.exe
2600 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

2260 msedge.exe
2260 msedge.exe

pid	process
2172	msedge.exe
2172	msedge.exe
2260	msedge.exe
2260	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2260 wrote to memory of 1988	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1988	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 1268	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 2172	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 2172	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe
PID 2260 wrote to memory of 4752	2260	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65c5cceb7d7dfa11a1741e59d74c0438_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa604a46f8,0x7ffa604a4708,0x7ffa604a4718
2⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,151504400220536439,18101803741078210394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
2⤵
PID:1268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,151504400220536439,18101803741078210394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,151504400220536439,18101803741078210394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,151504400220536439,18101803741078210394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,151504400220536439,18101803741078210394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,151504400220536439,18101803741078210394,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
188afdf2f92036e2c47431bbb1565136

SHA1
150c9a7b7431d4f6cc1b2e3b1756bdb261d6a89e

SHA256
f0aa0fea62052f4c7ecf3fb8c522317270400218b07fe96e15ab50db43d7e583

SHA512
079a6a90b1d1402c43649bfd246ca3eb2a94f3f4934da8435fe888919a64324c570f8050dc4f3ba38e7b9d743ea35d61455767b909356e11ca65c09c4a7750ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
92d9984ae985d2bbf0fa471a38541993

SHA1
946cf13bbb2e06bc5661755336dedba1d45ecbdd

SHA256
0eb58635fc8d1e538541a4dfdb38f0537b73c04895f1bee0c06d4072f76eeeb0

SHA512
5d0137471db3732db6f378b4068d4fff4d950e107cea054514ad18bcae0e4bd74161d06d09994d778c9dbe6aab840785d8ea7bfc6592eb3c6fe537d245a0ef76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
717a9c311cfe3d17efb5f958f5d7cc1c

SHA1
c89df1b82c2c37b5a8b4478112923fe3f187f42e

SHA256
f181fe144d4ad2f201f8d677ffbf47e7dba0154ee15960c1298297ad64028657

SHA512
f88145f918f0789848e09cd7546093c057336440ecfc745e18720bbb8b3c3f0bb43780bd51a7a97096edde081f192e54cd8cf893c50447c48a8d2ce2a25e812a

Download Submit
\??\pipe\LOCAL\crashpad_2260_LWROVYRSXOFOPRDG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads