b9b9260dbfd28862e68bdce09fff6d16734ba1493457fbb16753ec98257c2edc

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4f6a4e5c9a374aed4ff18c05d1a4082c.html
Size

178KB
MD5

4f6a4e5c9a374aed4ff18c05d1a4082c
SHA1

5832057512c1d7bc3ac8c5228e7fa1f62768806f
SHA256

b9b9260dbfd28862e68bdce09fff6d16734ba1493457fbb16753ec98257c2edc
SHA512

7a85ffe67f0f863feaf3d0afec38c8a331d7b632192ccc772062fe44a79d73334af4252e301255cfe6fb54ff8f4134f64bb9a59646d802ecd7c29d81c1618056
SSDEEP

3072:8i2xDNvG8rm/GXmNJUNBVT7QUe+E/42pE6LIB43cbbb/tY2FEngw114RB:4VXmNJytF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
844	msedge.exe
844	msedge.exe
2956	msedge.exe
2956	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe
2956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2224	2956	msedge.exe	83
PID 2956 wrote to memory of 2224	2956	msedge.exe	83
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 4940	2956	msedge.exe	84
PID 2956 wrote to memory of 844	2956	msedge.exe	85
PID 2956 wrote to memory of 844	2956	msedge.exe	85
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86
PID 2956 wrote to memory of 3412	2956	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f6a4e5c9a374aed4ff18c05d1a4082c.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb753646f8,0x7ffb75364708,0x7ffb75364718
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15101245637314237240,12497766812967870448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0eebcea6-d0a6-452d-80ea-e805a3bd99ab.tmp

Filesize
10KB

MD5
bb6c29d9734729b1c6e58637b9142765

SHA1
74b4e3f6b06228a9c165041ef0c3ceb71575289c

SHA256
6beda1aa7354dffb03afdaec99eae20fc62da8ca22d790f988af1237630642a0

SHA512
00c370b37c9a8db0eed19969c533103f1c65f0a37748df4ccedc127466beb19bc3254597a8afb7261967cf2e89b8f37d0f8c93ad070a70df7b54d8a4ba062722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
77a69cca8a36fe4002518b40d1484aea

SHA1
3a3c9060cc2ad686e51fee0bbd9434389e319e26

SHA256
d11125df38d0c36027d9cc817c3e95609bf13879a4ffb5a7ee4c8e5a64e86917

SHA512
00d213b937386d748de7da24c9a955a626b2cbd323105de4d489892d0129c9bd17e0245866423ddcf10542f12c1eca074ef3fa03a8bfa4e7ad5769232f641479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
582ab0d867679bfb718beec68d81e4f2

SHA1
0b14140a14342acdc5539e8d7173055594d80128

SHA256
2933b83c6303e2b07bba443645eaece65489eece0f36b31a466c3773d7a387df

SHA512
7018ec62eaf8d0fd4778e09b24817fa9d4141bdca0de64bd64d3d90570c98f925ad502d9ba2ff68287ee59946b4ccf98b1a0b940eb7b13f4d19c10b2b53d06a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8a57f552425dbef403df262b733f4167

SHA1
693777ab3fa9a55c6913762061e076132359cc6e

SHA256
feea166d33e424338bbe6f40441ecd4ee4a8525013a9468fda1e926368769441

SHA512
a633943520ab43cec0a2ed905e1d89ab7f909be0c968767a259f9f271340110577f38d6471cd60be3b64ac615fc2429512730255c1a0ac7906815e5bd81bf6dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b5d95bb170652bbc1d6aef76192f95c6

SHA1
84170368ab28198ab0996144e36d542f3585ca34

SHA256
a626a0134c1ed8f8f481ad2d2254436f52283d218ad40bedd0626243eefef0a0

SHA512
69961c65d710b1745dda9c33cd4366f2dc8ed72de0bfb61fc73205bdf153508ee1415a405c9762f3bfc29a3abeb81edb313b245b22f42157c692b91d2e0a2687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d5e4349d-82a1-44fd-b56d-dc3dae8fe00e.tmp

Filesize
5KB

MD5
95070946ef31155facd7cf8d54e68bff

SHA1
532505063eb5918e584f3ea1ee7ea4b3529f3f22

SHA256
9ec1ee2793d5f4c52bf1f9351d2726f2ca16be1641e413147b3eb437a01ea03b

SHA512
69b8dd77329a348e541a9a2385336ca43155518b4d058320a0f83d52f242b2ba3c7830befa73c0d0d3dc1e64e85709e596d0baed0c9a709bbe9f4865c3fffbcf

Download Submit