92f6789deb17560dd583620636a30eed5180c7a4a31181144f24347b7ad2c5c6

General

Target

694adba914648589d28bd915df0b2199_JaffaCakes118.html
Size

98KB
MD5

694adba914648589d28bd915df0b2199
SHA1

bc235a0abf29643369750e67f2624e848cc5a2fe
SHA256

92f6789deb17560dd583620636a30eed5180c7a4a31181144f24347b7ad2c5c6
SHA512

2390bc9eb05f38204cf56dbcea442542f1cbb2ad1042cea46771a76d10215c7778d35cb123b48832478c74fc50028b180e04afb739a79b44790d50094829bf7d
SSDEEP

1536:sRpc3Yj2QHHpF6flk0qvwAYs+lqESeFRqR0R5unfqWyU5MeWFjOr9ZwT5yBnO:sR2oj2+pF6frFAd+lXHUfgw7O

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

820 msedge.exe
820 msedge.exe
1636 msedge.exe
1636 msedge.exe
3504 msedge.exe
3504 msedge.exe
3504 msedge.exe
3504 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

1636 msedge.exe
1636 msedge.exe

pid	process
820	msedge.exe
820	msedge.exe
1636	msedge.exe
1636	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1636 wrote to memory of 4052	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4052	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 4224	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 820	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 820	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe
PID 1636 wrote to memory of 2776	1636	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\694adba914648589d28bd915df0b2199_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
2⤵
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,17699175155209218688,8422259606600411535,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,17699175155209218688,8422259606600411535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,17699175155209218688,8422259606600411535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
2⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17699175155209218688,8422259606600411535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,17699175155209218688,8422259606600411535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,17699175155209218688,8422259606600411535,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2392 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
7d68512762fe2b37c811afbbb7ef1430

SHA1
d9a77bb80fc60c01e40b950760ea1778f032a4e5

SHA256
6cdb7943c721edafc4a8b294a5c514089a02f7c6eb974335cc67747e88eb9ad3

SHA512
a8e9bc8fd30c73342a777ccf76454be0eeab78ac8d162996ccc271456fa74e6ed4e2645c75606d431adbe993498a2420d16215e7914511e134a466e9aad499c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
251B

MD5
f2aa6cf3bc101bc38cf29b7a034b90c9

SHA1
a711632f8f929e4a51fa19a2327febbe33ed11b1

SHA256
6e7c9c87aac06b50e7985b6d16a87e351e30c0de81ab8f5d11a059d0b3246a9b

SHA512
00129eb72b84730175897f69ce2e9464984be28a9f429845cf8844edb4387a8c794bef9cad579d96b9416308f81898dd261ce589fdcf9d1ac55b88800823593b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
064e4fc386698c8eb2df1c4d878626f2

SHA1
8103efeb88b44c4e76fe2baeffb61b2c00523b95

SHA256
1cf4ba9593d807948b119c48bf8b8a33693cb3be89ea0f67c2fc85bc5866017b

SHA512
617636563d0027a3ad8edad0a9d91621b619dcbfa2b85fc6c03b990c5ea92d2ded8d5c6c60c5af478e363da7813c3db6aa8f87011e65f5d9ff87a1c91100c193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d21c8744df4e2b18e2b8790dceb2db56

SHA1
d0b8b725300b50da691daa3dcfa9fc5b2f3ee6a2

SHA256
d408e1be73011be50db97849a555c79fb916102dbcaebabd145c9aa98e1b74cc

SHA512
0368a197d96785e519a240a489b868706911f090cc91ad7d05f3c300176b261d0070a775ae4d332570cbdf972bf61c0261f7994c28aa27c37024faa2ec40a86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c72c212cf1b3a388322177af678344c6

SHA1
96159c7b028883744abee96ac3645ceabae2ef70

SHA256
37383ea0df4ef2e9581dcfd5d080cdad6f5455851161cb711ef723560228a2eb

SHA512
f76aebd8cb01cfa4d557fd2644e5f65e686ef3ea6c66686dcc4ce14862d39e8e70df146bfed8092ab12332454a9c246650769778cc9df95b8e17903633a33965

Download Submit
\??\pipe\LOCAL\crashpad_1636_HRUZTFRWYPCYNGSA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads