c4cc23712f2d19dc39f773a88555989b3849467f2f1f2d3561c4e8b5ddc442fe

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2025 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_73b8c27d114919e27458cda6dd51bdaf.html
Size

19KB
MD5

73b8c27d114919e27458cda6dd51bdaf
SHA1

9b6e2350b85c9c6f5075c25cb6ba084edd3a0f5e
SHA256

c4cc23712f2d19dc39f773a88555989b3849467f2f1f2d3561c4e8b5ddc442fe
SHA512

281d2c24b776332e167e449ce3ff184c8e3add415f08591322aa859c40509f9fe999a5952d5c868b78ad541c1b05391967b45b610913aeb586030cf1efb144d9
SSDEEP

384:zBqtZRsVuEc+6bkuOENbxgCul0LgIssbQbDwiTkBFV1aG/a1B7rl99Ye/ZGr1h:ItZRsV2+6bkPENbjJZYDN4n+Gy1Jl3Y/

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
4744	msedge.exe
4744	msedge.exe
3228	identity_helper.exe
3228	identity_helper.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 3588	4744	msedge.exe	82
PID 4744 wrote to memory of 3588	4744	msedge.exe	82
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 4428	4744	msedge.exe	83
PID 4744 wrote to memory of 3232	4744	msedge.exe	84
PID 4744 wrote to memory of 3232	4744	msedge.exe	84
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85
PID 4744 wrote to memory of 4896	4744	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_73b8c27d114919e27458cda6dd51bdaf.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff829c546f8,0x7ff829c54708,0x7ff829c54718
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11419762835591237786,2144464203485073387,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
602B

MD5
1b68fa28333df26ea9f59ca61c18f29f

SHA1
f88d5202e1e2125005081cf92018afd34e0bbf3c

SHA256
d75aed70a34e00ef040d5f0af4401fb65b2c305c69f5758e6d9f345132ffeb1d

SHA512
334e3e957a64ced61409d10ae3932decf1679a47ad5c1e8902a1b65eb875d5d447b5c17ed9210d3dbe2c985341d664e227392b99a40a46323ec4c3396709304c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6da40877ce250d094e182cefb9a8575b

SHA1
e7b9141f89683b582b70f44b6879b0f6298f9253

SHA256
22224bb3f5300689f50f86cd911ac8be0ab6474c5a582f2ec9091e2500ddfb49

SHA512
1db8030295965d3c3cb26ac050f19aa2a558c02d40610f7c0c95a4a5d014f785dbde1730513db187b844d3d1d42ecdc9c170c1d48749a8754eba8bb2821dc3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c2b220482b5161bfae3b1fa1df33c91

SHA1
73f333c4490747cdfb6f74004d20913e63d4792b

SHA256
1864c9cd3300ea9b92cfd39b6ce67d8b64fb0692e7c50cface8a4d27bbe2d49a

SHA512
e07f92d6f7539e69ab997488d3419937b28b8b9a051d5f0fe37700bc21492a168498af1fc53c2e835ea33d4c318fed76dca036f6d56a162e96e782c6b787be9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27eaf013a4fe2ee0827939f6d98a2634

SHA1
323a4f39fddbba5b9c762a34b777e51f6ebc35a7

SHA256
6be115eecf5f5e6e9a75d5911fdaf05be59e064a54508d83b6395b9934064610

SHA512
a8960f9ac87fae6819688f98f505455519e8de6193a4820049bc28d118680df2620e367fd156bd3df22e4fb19c6f0f5d1e6a6e28fd49f755cb67cd00e3e39d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0a5a784c7115b58f0878f1ca791dcdb

SHA1
0fcdd31b484b7553e1017135e7b680bdbb0da683

SHA256
a2d2ac4fafeb2fc6996ab56c23f339c465cd927288b117cc514e42881d6bdf43

SHA512
f99c2c7b27a196c79ffa24834b0bb4130e9844da26f916bdb44467554fdd6ac344fdfe3ceeaea2618cba9481c119fe2cb3be01bb2244e86c4751acc2da449952

Download Submit