ba9393ec4b68b77bf0172c2777e7ecd6c8c765a72745cb4c8bdf3d8efc1dcfc3

General

Target

69566efaaa83df0e6f72b4a004421a21_JaffaCakes118.html
Size

18KB
MD5

69566efaaa83df0e6f72b4a004421a21
SHA1

1d833650ad80e62b918df8607da7d38b97688261
SHA256

ba9393ec4b68b77bf0172c2777e7ecd6c8c765a72745cb4c8bdf3d8efc1dcfc3
SHA512

df1f45f882df85511c571c295856b015fe91992658b9217d62794835477078d84b9b9eb93be32f086a85fdc564fd5776abe763c1fec20b103b2b81f7b9886401
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIl4jzUnjBhdn82qDB8:SIMd0I5nvHpsvd8xDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

2424 msedge.exe
2424 msedge.exe
1884 msedge.exe
1884 msedge.exe
2872 msedge.exe
2872 msedge.exe
2872 msedge.exe
2872 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

1884 msedge.exe
1884 msedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
1884	msedge.exe
1884	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1884 wrote to memory of 2484	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 2484	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 996	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 2424	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 2424	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe
PID 1884 wrote to memory of 3636	1884	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\69566efaaa83df0e6f72b4a004421a21_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0x108,0xd8,0x7fff935e46f8,0x7fff935e4708,0x7fff935e4718
2⤵
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9723865459270280174,14035157337476808338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9723865459270280174,14035157337476808338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9723865459270280174,14035157337476808338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
2⤵
PID:3636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9723865459270280174,14035157337476808338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9723865459270280174,14035157337476808338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9723865459270280174,14035157337476808338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2780 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1bace08338cd3d25404ce9770bdc5f5c

SHA1
e9680a0cfefc3b019268286b35ed713881c967ec

SHA256
1ced2870080002565b51ced33a6695a6ce92f5b251063cdcfe75ecc373446cfd

SHA512
c12073c6b20f632404b8b63d8c1feddf57b1233f49f5313f827ef1292e73f383df908fbcef2d7098c9da594457b04f62fb29e42a5c4b65267a45429c8cad3473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
048a43f4af40ed176298d79c3bd3875a

SHA1
9357833949e54b2d3bd6a01e7c31125bc02965ce

SHA256
d151fb5f3978f8baf22a4c5c2e01edfc8042de754287642871cc073b64e943d8

SHA512
ac75eea7ce0aae6657304ca85d292b4335d9d8f883f6db4fc2e0437de459d68581d68a3ff101ffd3289be5a4e9f307ae647d3b8f344577fd6a3dbdd629c9bd53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e404de1bef729b6818e043320212c34f

SHA1
7089b05fa1544088519c39fed4927402220cc877

SHA256
cfcfbf963d0898d033d0ab5bbe710305b95a0e188f44b1f34c0aae44fa2b3aa9

SHA512
9d875d31cd592b7b99571b91fd4256948d175970ec2063131e060e4d4716e37848ac7f5cb1e7d83a7903c50e824fb97d379004f952704988ed617b01377f1dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1316d7161aa1304fb4052a0180ba60dc

SHA1
b9431a752bd66e266203a642446c158851e8add2

SHA256
fed15d0ca6855d410a348fc0d59a2115c873f16bcdcfb46d685827c319a8dccd

SHA512
cddde0b638de7c977efe826b8b69a98f51d212d606af8f090af2746a7068e2e8c7ff9978523e685dd68a2a2968b795a08f689e5ecba73ebc90c5c2899ef4e0b9

Download Submit
\??\pipe\LOCAL\crashpad_1884_ORALFLDPBGGNGZQJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads