ccb07a75d95bd5ddf2c8dd23f97c3c5bf9def7faf1a5e69c1053ce451888b4d3

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4855490763badfacfb33052fbf833d4f.html
Size

12KB
MD5

4855490763badfacfb33052fbf833d4f
SHA1

70cd4e793915668dc68d88aafdf4bd7c61b34177
SHA256

ccb07a75d95bd5ddf2c8dd23f97c3c5bf9def7faf1a5e69c1053ce451888b4d3
SHA512

bcd67104bceafc8df0a7b15d70602b9bc07e6c393cf0a86b6d83245b5f2519b9f0e85e6bb17c2c4687ab3961373fd5ac50c4a36c3ae35cfbcd2ffef30afb057b
SSDEEP

384:UljzzwFGUlld6rTyv6Rb+nQKrlibQmYMH/pMF1E:2jzmBVgyvCAdhi8yfpe1E

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
2840	msedge.exe
2840	msedge.exe
2844	identity_helper.exe
2844	identity_helper.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe
5064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe
2840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 3024	2840	msedge.exe	82
PID 2840 wrote to memory of 3024	2840	msedge.exe	82
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 1816	2840	msedge.exe	83
PID 2840 wrote to memory of 4896	2840	msedge.exe	84
PID 2840 wrote to memory of 4896	2840	msedge.exe	84
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85
PID 2840 wrote to memory of 3108	2840	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4855490763badfacfb33052fbf833d4f.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb61b846f8,0x7ffb61b84708,0x7ffb61b84718
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9714603672382115246,12142643941979011884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
203B

MD5
fcee382bbe8fa3ba1c0705a5771d9f23

SHA1
d43d609ce584096a16cbb988852977116447a48d

SHA256
19b50e39232d3b1cc07f5c1f4b2dae3e3a4523282000e6e10b8504c140c88aa2

SHA512
944008f34987273b74e4302feb16b79afd5ee4662deaf43d8f7a6002d412b67d9640b40b6ed6a77e50b4b4c7cfc6eecbca9b792b553164001251bbb0788cc537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb7fd4b3a18630a8f0b7f9cf9ad88441

SHA1
4f6e011540ddd1078c0591642a1efa64e69f26c7

SHA256
10664ca587e683971e4920faae0bc592645ff520357ef46f95ebacef349c49b0

SHA512
a3ea5d5ccfed7225300e32fc252b5362731830d3e3d84dfab61ca301ac03a1d793da7a93cbb0b010f2288baeef01112e8f9b7c9812360dfde42a8123032e3eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3635a2a7caedfb54937f45ea87f99281

SHA1
68a0b30bb2382b1f803531caa9dbe270ef86ad18

SHA256
b4591061048bb48710296df1190e29e1cd39db84c5f88ab4fd942582f6157f8f

SHA512
a637703cad577788a11edc10d41bad64e88bb183c55781959bda7c686efd40dd9b647dc01554fc121bc5a73a1baf2bfcb02fa63a72f594da589f5043375ad1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ace2bafb0f9f2a6e85035f47d3b5442

SHA1
3e055e61ce1dfda9a299d492adaaae9c55a4b0a2

SHA256
e011c047c4fc587bc02fe3d588e74b0baafff74ec9ab54ef5233b5ad15db0656

SHA512
d12091b591fe138cea9ab757d94288f706a2e1ba7cee9b213bc0316c7150abfb9c450651aa5605afe9f1fe01c320b3f73ea31cb95849b2c050c2aad78f42d67e

Download Submit