e96aa1f1610454c014d29dcce1519241526e303e7ab3f33ffcdd49a39f2ec025

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1fa008c681cab3a96186ef69318441b5.html
Size

253KB
MD5

1fa008c681cab3a96186ef69318441b5
SHA1

6bf1a74aa45c78086dfc2d5c237c8daa2f609a59
SHA256

e96aa1f1610454c014d29dcce1519241526e303e7ab3f33ffcdd49a39f2ec025
SHA512

c146b77160d490ec7816f0715634c766d0c351d538326ea3ffd2d9abee8f65619ad8368e206a5ebf48f53902c14bbe8ea157ee44561e059de36e3f7de7c6602c
SSDEEP

3072:P5+ApjF4ONjVLyeKUFqNkyGsX1uLIhCqd9:P5+ApjdRxye3FqXGQTP

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
2000	msedge.exe
2000	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe
3032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe
2000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 4600	2000	msedge.exe	82
PID 2000 wrote to memory of 4600	2000	msedge.exe	82
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 412	2000	msedge.exe	83
PID 2000 wrote to memory of 4676	2000	msedge.exe	84
PID 2000 wrote to memory of 4676	2000	msedge.exe	84
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85
PID 2000 wrote to memory of 4612	2000	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1fa008c681cab3a96186ef69318441b5.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff240946f8,0x7fff24094708,0x7fff24094718
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14029629094881184659,381311099913484442,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5632 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
41KB

MD5
1da8deabd421929fa1a865599f43aad8

SHA1
88af7573c39022643333f85b523a329cb6448675

SHA256
07b01330c36ae322ea1f1e2ea70e60b629b292b3f7ee7aae5a9968dcf341e685

SHA512
0be3f8d02397c3cc32164b116c807115c42a310fd70c72c94b3b523732422ea2b222d8762e81d91ef0c36a8328df4f7ae8e4570c4bc46ab94cbed5131389ea3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
0108591592b5fa711be2c711f388716b

SHA1
3c5724211e1a840ea83e31bb62fb7f0d68ee533d

SHA256
93139fc4f56ceee3da8151f392b5a1a707d35eb86abb92d65afdb88d0ac40b83

SHA512
d11accd50e387c4a96196aee009a10028654d195eadfba6c233c22fa551573c443a279a2c84644a3bd80dbdf1fd1c27169125e7cc8239dcaec41f08c6f583d37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d1e222f64cfabfebbfc76bbfb06c70c9

SHA1
3a712f23c49db694322ef2abe53020c3a09cb49e

SHA256
f0e52633af71ecbca258a4e96f9b85d6bbcd0035827b386d5bd3c4724116eb7d

SHA512
d7edcd6791e6e9aab2ce559f3be3a3140008701304c60a5da69afe57a5e94cf8a5738795f7cb2b1168c089791aec9adefdbd5a0877fa93784d1aacb21fd910e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
976809c352fd6f94c2202d1b8b702ba4

SHA1
7899604e3eb4691a66c048cea372e904042923c3

SHA256
a2cb7a77b9279ff460becb457693343fc6ab132fef9ac3ffb21319aaba06ee48

SHA512
fd0417ac71b100200b22af48a43189000ad89e20cd6ecb5e5fd111a954a10b7948812c7651ce215087b77da02e254e935faad936f366fbccc34016401d7aeaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e7442e5453be9b62b75600502bc63b8

SHA1
06fc238a53b58ec6214c9c4a49d3287924ae9ae9

SHA256
fd130fbd0333ce31f8d9df2d8683b4495b8a86e5a5ea68ec072df5ba97f73fbc

SHA512
d2c333098d20ee918df6799d1cda115212fedd01bfa4e31d0024f3f89f4449eae65615b176a2ee93b5074b9de26bb759c292dbfd5e5f3a03054233372dfe46ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ce21e91f36c93575a2286b575671049a

SHA1
4dee9f01051e74da46d555708a70d66858945b44

SHA256
de6a89cd9587c60de02bd5b78f5d37981e896dae557be16f8c9e1e7c5d0165be

SHA512
00583aaf10cb8c27e5cd01b9adf3dc94541dbd11d2c43c5d6afe41ad1ff7c58ba54e67863120ff4e2aa0806d0cdf4651cb417d8015cf2d542c7317c438bad974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
11acc95ad83084cce6a622285fdd94fb

SHA1
b225c3674eebeb73defd2ddf7293be57b25e13f8

SHA256
a02e9750375ced501466853fd83bc8fb03e1b6b6e9e1cccfaf7b1d957f5787a7

SHA512
75915d8998a3a112b2db1dd09df2a011b44f0f7f46cfdbcaddf583b4cdaeba083956d16a35e29896bb400aa888b3ea75f02a4069f9fcdd4750d8ec0ed8c7ab23

Download Submit