54ba531c73ff8354ac3210df3530c23ebdcce6d9d6ffb16c8db1122660558ea9

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_679d8ce7792be839484944cb6c952f8b.html
Size

55KB
MD5

679d8ce7792be839484944cb6c952f8b
SHA1

11d9ea061949931caff652c1a5218043863659a7
SHA256

54ba531c73ff8354ac3210df3530c23ebdcce6d9d6ffb16c8db1122660558ea9
SHA512

95caf8269d9782f2eb91244cb238d52bbf69412cc321f8ce29a99b68e216b800e05645669f1fc758aa8abd0ecbbd8e7dd7dea676098689669096a9b264927054
SSDEEP

768:JqyP+oS1RhvkO98CEjPwmdV9YPseKxH0Fax3/20R3UvdtV:JqbJ1RVkO98NbwmdEFax3fUdtV

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
404	msedge.exe
404	msedge.exe
1772	identity_helper.exe
1772	identity_helper.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe
404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 2520	404	msedge.exe	84
PID 404 wrote to memory of 2520	404	msedge.exe	84
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4964	404	msedge.exe	85
PID 404 wrote to memory of 4572	404	msedge.exe	86
PID 404 wrote to memory of 4572	404	msedge.exe	86
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87
PID 404 wrote to memory of 2476	404	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_679d8ce7792be839484944cb6c952f8b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff003946f8,0x7fff00394708,0x7fff00394718
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14627760091684899401,3075607403819273389,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5556 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1bafd93f98954c3fa282f198ce56faf0

SHA1
757a2ceeea0d4e9c5780a2a2fd2dbdd8a872c9c7

SHA256
322d56796e1f8c620cdf088651347e2c036c1ad5ccdd07a4fb814440603ce7f3

SHA512
741e3b687b919b0eb4ae64b3a6e68426d183b076c2294da1f24c31910fe0cdf73593ad39eaef6326e96a0dbef8cec16353903d626f9fcfc369c477c31553c5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ffb132fa0c6393f8aa6e9aef903a25d2

SHA1
363c8b3e82e65834cd6659f9ab027d2f3e2644b1

SHA256
30b16c7f3ac23746024d9c483eebad6049c1ddde0f32922445c5e868025db1fc

SHA512
fe2d2a6a2bc49762f30df8edf001d9d52c5f0cf54c6cf039c57aa8d827999b54b64a1985f9e0fce6bc4e915dcbb0615e01498fe1824cbac76a1a6a6d35dc82fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa55a4da3ade4e7eed3cec67cab390f6

SHA1
2f3a136589cfd18fda5b4898ab1ec7d6eda28235

SHA256
389eae02989e4f93668c13b39123c640c02f9646710bc3d33e8c4ec64812ef79

SHA512
8af642b3c45ca9cf3d9fe419b85212d1ad3fdd29d18304bd7885eaf992d2d2339093760d09412c978510172378c3b8f837016a37fc55a08d5b3c23aa122d2bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0ad61b7d15c55b1209ba15e62822f120

SHA1
97ffea0e5d054eaa0a5de8d7e8c3400a9df80f00

SHA256
612b6a62c0eb0edc8fe347f90606e51dac0b1d7c4c5fbb0b55ffbc17f9694f4f

SHA512
553c697ccec21a8be4189b032665e7ec4298018996cc947076f8c13019cc74262b0c6887eef560681d2cbda6fe92646d420ee38fa02a9921df3b77553fe638ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a4482c5776d764c626b1fd047b30453

SHA1
e68d700689c68094aba56be3f5f6d074a54049ad

SHA256
06419d1c304500f2750023b167dd3adf4c3571f31bcd970bd99b26fba11da1cd

SHA512
6c5ac805b64c89cf630952b8cfed9f0312e371115e3320c4aff5d74ba2eaf0d5bfbcce5907c80c1958f9295737547f2b7b9b22d68ff0f442e63d22913d56fafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b7634a78f7c9e8c5106a7d4fd60c5bbc

SHA1
2ecd712327080cf15b0184dc6628ea0640f38d7d

SHA256
5bc80edb6db3523801b901214e1c1879c11d9fcba5581b45ce23824286bed326

SHA512
a32318edc569e20ab352320298ee2927f1d5da556c8763fd65cb8630f6f65c8e41f064061b40085d0d85a86689015e209b22c31c22321bbd758c0e062271d7d0

Download Submit