d70950766709a84fa6c5b7e4a62c3561eb7a837c5bdfaca4e59f6f2c13c9a772

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4cbe38d6923ef94405183afa6ae0bb86.html
Size

14KB
MD5

4cbe38d6923ef94405183afa6ae0bb86
SHA1

3453ae429ff8c2ca35c4d0c08604a2ecfcdca247
SHA256

d70950766709a84fa6c5b7e4a62c3561eb7a837c5bdfaca4e59f6f2c13c9a772
SHA512

83cf83644665deef556e8dbd63cbfe682ea65c7c5d3927c89012e3760c2fe5fafa905b8b7c6a4310996e00f8a772676ebf742555e15fda66b595ac14d3d41b10
SSDEEP

192:FTFhPeZxNoWC09gf12HdwofzV6qjlIHfZS84Z3V0tHCltC/w7Ys7Y1:33WC06f12pjl4f4wiltC/sRY

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
1740	msedge.exe
1740	msedge.exe
3704	identity_helper.exe
3704	identity_helper.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2152	1740	msedge.exe	82
PID 1740 wrote to memory of 2152	1740	msedge.exe	82
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3572	1740	msedge.exe	83
PID 1740 wrote to memory of 3616	1740	msedge.exe	84
PID 1740 wrote to memory of 3616	1740	msedge.exe	84
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85
PID 1740 wrote to memory of 1376	1740	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4cbe38d6923ef94405183afa6ae0bb86.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1ad246f8,0x7ffd1ad24708,0x7ffd1ad24718
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,1388399256117255449,2342169907384468224,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fa0b6eacc6ed1015402bb53c3802fe76

SHA1
20cf3421e067ea1aa304e18890c58ed5ec3dad4f

SHA256
f140a76e393a24650a90d000a494f701da1c48fba369bb57530c91a37dffea01

SHA512
b3c034d2ca2a71075d7cca2d46cd658427c45eca4991a7ea289acbfc00cd9775ddaf2258db34b75bab3a90163e251cf7c028720547cdb7334b1d1e9829bd9d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20163868579cdc78808921d0603a2a73

SHA1
f2b370947f702248e6128c1f982a99d3d64e005c

SHA256
6622b584256bf100f7217eccaf6a3c93d51211a5e7674c17106cd6fffd3d2175

SHA512
ab106121ad87982e80ab7894b0e244207e6100cb14c06a76076cf6161b84421eb17ca6a31a43089e512e87de58bab3acaf812d274392655f01c86e30c51d78b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea74ac2283b3126f993a3c5b977e0f5b

SHA1
95374eba0991d80e6000bb0d7c8ede098ad7b371

SHA256
203161dba0b9e63182f825c88d4f5dd1f19819af40d7f2a64b968fcc9d735f15

SHA512
86f50559f695678484a408abd9e3901eb0ba18b935181c531596ed2d890b6880944d8babfa606072209106573187e9676afad343c8152efa7fea851bfff36ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d8f084de76ffb8d36beb016beba55e16

SHA1
e250f1010000782d351d58a3aeda7304fa94a0be

SHA256
fa1944aaee58b0492596733b139e129a94399b6099604f66e438ccec4f51c1e8

SHA512
b024c1f99b4744ac44786e83423aadd4d6142a948a8312f3bb2af39e507e28ab3f3da7f012b7693f7b02c884e9b069c4a5be45b45ec0b0aef6f6a79405e1b4ea

Download Submit