c57385387864a94e3fb19fb130a9404c4a01549010b49ebceff41daaf5415957

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_662daf0524e943a541471065705083a7.html
Size

126KB
MD5

662daf0524e943a541471065705083a7
SHA1

4ce81552682da2ad06aba3c4bf817173d8058b6c
SHA256

c57385387864a94e3fb19fb130a9404c4a01549010b49ebceff41daaf5415957
SHA512

a0b9f58d2ad799834f29fb1c729e62668b25cb076c16836b49eb749f9d0f748c120585aecaf5aabb725f35df7c06264766c43b76c839720089b089ee40ae31ce
SSDEEP

3072:DvDJ8Mjz2S81Ep2DdwYHU63mLMQdXJ2N/qWfsFau2IPt7Ee9A:HJ8Cr6ryGZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1780	msedge.exe
1780	msedge.exe
1476	msedge.exe
1476	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe
3256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe
1476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 2600	1476	msedge.exe	83
PID 1476 wrote to memory of 2600	1476	msedge.exe	83
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 3996	1476	msedge.exe	84
PID 1476 wrote to memory of 1780	1476	msedge.exe	85
PID 1476 wrote to memory of 1780	1476	msedge.exe	85
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86
PID 1476 wrote to memory of 4816	1476	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_662daf0524e943a541471065705083a7.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3d8746f8,0x7ffe3d874708,0x7ffe3d874718
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,6392022965686720362,1160798695540156277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x300
1⤵
PID:3476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
3ab873982909897c0d4800ad5acdc54c

SHA1
e422121cc88a7f8f491dfd093c30dc56fe3daf3e

SHA256
da4d02ccfcb3f924fc46a7c95563627f94ea2dac08e3e7ca874e4d99f1620b09

SHA512
92ddf001d57a1dd0b3385e3eedba6324dcf5c5839b605141e6d9cc63fca1b05fbad0c4c16c8ade1a0f8dbdde3657ae0f0901f81ad73f30896079e3c6d1b0065e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
aa973d1ef77d57b5bfd89becfd0d2100

SHA1
ef9f781f87317693581a43b6a60a76c802fc6df6

SHA256
ed1ab7f74f5bba1d7b7688823c6020a6538fcbac9b76fa7397566fcb50cc1df1

SHA512
b9afae374beea9390dff5d347441e241a77d38edd140765747f9cbf7d70753c00472de03503f1e32846d3c7c2b4be682a810a88edeb81a6bf7a76a50b786ab77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c83232b9711422b26c686d2d07603eed

SHA1
76110ae91faa0f99f259372ad39a53de9b2edf27

SHA256
6195cf5f671cf49d8c1926a85997326f4344c6b7ecae6010a611412d4d2df6b2

SHA512
bb85203bee62cde3812abb19f45e7bec84fba9c11685fd1470f8eb2711b2b7982ef20c5a44f001a42d590bf2e7f4893bd1ac2e740c9d9075988e0e331be7df70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10f5916da6315da5b6df7fda933c6be9

SHA1
e2df9fb7968f64bc0300d10291388e609b5e6434

SHA256
c4be854741009f8ba6b5f3c932ab60a99c4be251ca58766c157ba7b911a96f1f

SHA512
b921f8069ab147c7cbe247f08e9929e201fabd95722b72737b71638ad1fdcbb27714f0781d0a6a4168d9be9823b5cb608bf02b289ee5797c5f47f042d8c4068f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ee639f5fc4368f6b8f0e8243c2b9ba6b

SHA1
06d347920343197e622e727488963b8760e52fc8

SHA256
83e22a97b8115f7d974fc46b337439b2e215d53d7145aaadd25e0b10fd03d641

SHA512
76d1c4ccac93ad9943464e298a6bf0ef864f42d1067b3e0f2093f5bb89c03029a962198bac45cdd6da4224a0d4d926f2e7c66422e1bbd296ca0be8b716018d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21d36c22af884c51f3f3d87b786631f6

SHA1
c4d6ab0800446a16abd2798adfd8db1931aeaafd

SHA256
8e54de0f427c34bf663d5b29fcc95be6ab5ca09fc7e8dad608eafae3ccc401ae

SHA512
6e0b8bae611252cde813608a62f6cdecd5e21d7e6592b9caf38705e11751046aba23f6a204e0da953cd85d606b4725519e6eaa4a42615450cc810abffc27cbec

Download Submit