70a2e21d0e3aeac3788a12936ecd65a1ebc4451d3050b6b0b27426a168c2f96c

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_3665b4b93e023e691284c9a548aa5574.html
Size

19KB
MD5

3665b4b93e023e691284c9a548aa5574
SHA1

f9fd042d0532f327840ab29c8b5cecf34927a584
SHA256

70a2e21d0e3aeac3788a12936ecd65a1ebc4451d3050b6b0b27426a168c2f96c
SHA512

de11d76313c3bbe18e3dfdd8f19bb7c348e9f13adf7914ef0b77ea9f8e46e7c6e3a2b3f02dad6fb2802d39a1232d57fafdf59efd97af0aabd76762952833cdd9
SSDEEP

384:zBqtZRsVuEc+6bkuOENbsCul0LgIssbQbDwiTkBFV1aG/a1B7rl99Ye/ZGr1h:ItZRsV2+6bkPENbBJZYDN4n+Gy1Jl3Y/

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
2468	msedge.exe
2468	msedge.exe
3596	identity_helper.exe
3596	identity_helper.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe
2468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 4360	2468	msedge.exe	84
PID 2468 wrote to memory of 4360	2468	msedge.exe	84
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 4552	2468	msedge.exe	85
PID 2468 wrote to memory of 1804	2468	msedge.exe	86
PID 2468 wrote to memory of 1804	2468	msedge.exe	86
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87
PID 2468 wrote to memory of 3100	2468	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3665b4b93e023e691284c9a548aa5574.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec00246f8,0x7ffec0024708,0x7ffec0024718
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11604869567933753239,255859399742850142,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
523B

MD5
583ca77556c279cf830a142be6efe3c3

SHA1
2bb3d5080b2f6251504a2cf49c0d9c49f5315296

SHA256
8658dea41e90ca7efea52c9a1eb1089990ef2a3eb1dd2320fffb8218888a5edb

SHA512
ce5d232dbfb92573f02fb9d80418669c624ec2bfed98ecb5fa918725278489560840835a9cc5241595239101cafb97ca777717bbdaaaabcfc971e15ff12f3a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
602B

MD5
e931adcf0df50806104987a174eb5f0e

SHA1
7cd7f17657c3faa89a4e16392948e22b42cb8420

SHA256
3e6b47fdcb96f608606388158fde6ef7d713818fc9da964bf6a3dc0c28110a8d

SHA512
e79a26a8dcaa44bfce044d6bb082806076f6ca0d422db49980ece7b285634384ed62090d2a3e59ba69997b42151747932e59346593f9215c673383221e64a524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adaf2ddae6ebf61197fb9e2125134d65

SHA1
54fb44abebbd72fa207ed1e81ac21776f28cdc7d

SHA256
e572b9d8c9a23d838853f85651118a9455523d7660567af0d992cd13ca0dade1

SHA512
8de21df40c5d47fce007dc58975858de0fc85bbb4a5be23eab7129b979be3040181fb56a94f626ef4faacc8756cab2f2b33d38e4d39124239301aeb31078bb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
580c35b363dd85ca5f2476d80515c496

SHA1
5629b259d6233fe7804950ac3be745d17c7fd1cf

SHA256
31696e92a19292f9252f6a7bdd84568649c030133a67f8fa82b7abff6dd661b7

SHA512
a58888426e7d27637cc60d96e7f1d279fded0d992fd8cabbeb36514092ae216fb9aa58f16fe761f28642f58661edbc4d25ba909a634894e4eeaa52ab560331e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28f27424ad57acad372844c42bc1e9e0

SHA1
90fb47ed8cd5cc307fe403d7e8082b45b21794fb

SHA256
b7d0a81d29bcd6fb659bf52b077d7aba7bfbc76057aeb9aab1339ff3c9b8a7be

SHA512
94c4428a467e85b2a2de8bb04e0ac3ce17c61644327af866a8c953df57ae54bc219f926e608c89e6bb4e0d7f491f461d3f243283ab8bafe4ba3da9a3dbc9c469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ba22e8bfe10fc6b41694c62818c9254

SHA1
b6b04fbce61b05eb502ae02f93c35b17bfb8881a

SHA256
e7994e63775c9f05c85a52fa56c05c24226fc649e1f9a247d53f0667d4c919bd

SHA512
c4f485eb4a89bcc78639a967472aa74f9bc76f6281aeb755b69e88eaa1f16c19c748c805ee4b417ea9f0bad24d8cf578fbe337e2c18f4425fb2f3f5e4d9e7a55

Download Submit