65e92bc3024eb9c6d512af683608e0033cc3220c10b1add648c0bb2d220a6788

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0c7555bfafad94e09a01e8d27e39df68.html
Size

120KB
MD5

0c7555bfafad94e09a01e8d27e39df68
SHA1

53132369770d47da7bd2c225347efab87c7e8c06
SHA256

65e92bc3024eb9c6d512af683608e0033cc3220c10b1add648c0bb2d220a6788
SHA512

ff83a8ec9958c529397256c758a1d620cfadec41bab986549a6ade6e70b4b8dc7468971d3ecc333e17e4bc0623a3c7dbcbb62bf2665707247f576d71089491b4
SSDEEP

3072:C/GFk7/5qZzt8aNxF+xM/RRP/s19ZNfw58V:Yq9t8aNxF+7ZN9

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
12	sites.google.com
15	sites.google.com
16	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3280	msedge.exe
3280	msedge.exe
400	msedge.exe
400	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 2060	400	msedge.exe	83
PID 400 wrote to memory of 2060	400	msedge.exe	83
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 1928	400	msedge.exe	84
PID 400 wrote to memory of 3280	400	msedge.exe	85
PID 400 wrote to memory of 3280	400	msedge.exe	85
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86
PID 400 wrote to memory of 3164	400	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0c7555bfafad94e09a01e8d27e39df68.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebe7946f8,0x7ffebe794708,0x7ffebe794718
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,12339705960055046590,1481210170214810537,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
a704042e4a3c2e2b11e75b20750b9f0d

SHA1
e32bd61f84d52a9c936a61a407bee38f787f3363

SHA256
faf1971de99ed89e861eba7265b61190a9d40456450a0eeb19e80f1dead1d06e

SHA512
bc91f35e2075c8f35169d155f615a943a1ea8e88f17c475395efc599fc1ff72795e391c7d784a19911f998176446dba1a699a914c81bca7a275e5f2125694ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a20b5d8d29acb534794a0200e7119476

SHA1
1ae1b6441df065409d7b495de33d7dca916244c6

SHA256
1b20d9b5a9ee051f30e3bc0e28c398801bd66b1588b855d0d602f637487135a2

SHA512
47e296c7aa5dd0ea3507d40304f1e629ad5806ff4456593770c2b9411e23b0f6692b7a8f47145b69cb88889ac5367999f1ae78e8eda4ade3de69be4564b92366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
cf42c849c75e616cbe625e6ed584ff2a

SHA1
232aaa9396b97df0f5d82c8c2c2e14c7475c9cd7

SHA256
3c2277880b748a3567071b654410bc903ec6e51e4c081b6676ffbe2828d9baef

SHA512
c6e06bcaf475cbe45e103b51af093c38303f3d71fc54159db41cfa705131e4c9e86f0595e05469a4480b9c2d2901a965ed8daeeddf430cad887ac2c18fdc90be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d096c856ad5b506241126b9d8a3b4609

SHA1
d0a2462adaa05e206c2cfe621a7ef786464cb7b5

SHA256
658289a71b2d6e7a27dc72ad8818bb960a8655e1fd59741c96a8a147130566a2

SHA512
6b5f343e50db763f19c1fed65a258ef093744a0c14cd36454dda391db6c92d3da14b5ac61d030cc27c1a0aa2fce7d0a49db87ac0e1281e6412bb6ea21841129e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90da47af79196cb8ccf0bb45bb55a6c4

SHA1
f732a1fa2315093636b0ef8b613c54fad31f14c8

SHA256
0f090eccd73eb84ef42422e0d9e43a1db8dbc0dffd5bcd9dc126d2ca2373582a

SHA512
19e66d266e9db49f10d4c75efca36f3e80e41022127f7905a89322409069aec471dd46f4faaf3cc826f3b322927b2122fb8f077bacebd02ea564a5e8aada77a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581d76.TMP

Filesize
705B

MD5
fd7f11f8d7a170ef01232b87f226343e

SHA1
70758329ff78bc3f525cee5ab29262d69820fdcd

SHA256
86cf44cac26b7c342fa72265fdcc321a17c286a482a406a68490ebb754654f39

SHA512
ef7fe7c1c5f666514a83f764961e44ef42febc779b8897d9e2bace39cd45aa295a4e0993d7a6c797db65aab345c4f710746b8b0618a9a1bbd0e56e3a38ff5465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e5b7f190-f36f-42c4-8833-a5e5f00f9cb2.tmp

Filesize
5KB

MD5
1b5c3888a37c8cc8848d7e6458e325d8

SHA1
cf9ff6465d11051571b62cfc5682a1196320212a

SHA256
b9aa059b45e4b54a9dfec13b4c55e8e08538751addbeba60e189e558848f3275

SHA512
1fe894feccfaffd2c48849f8b6ea9540894c3e8348abe2ca94096aeb8b2ee6f8731c25b4996d2a817f9e512cfc5f533ef8e33a16764e6acfa07efc47ee35707d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1ac3cb6464914149bacb830abb86d892

SHA1
8145884b42b8870862dfff03d500b558db925702

SHA256
3fc047f1a2caf2f627b9099e5cef9483beefb6a502ee31bdfe47163317606a61

SHA512
01c1ee6f36ab42b898884615d28a18a1933359676e99a5f9a95737b3d63f9374f0f57b761e890d69f323090459cadfb827d7957b3f5b2eec050fbe78accb22a7

Download Submit