ab6536553254cc5e311b753b830cf49c830ecbb9861bbbf9da563ee54776c203

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_bc6fd46aaddf5d30a0623d0d487d002c.html
Size

72KB
MD5

bc6fd46aaddf5d30a0623d0d487d002c
SHA1

abe3ae1e150b25a6a1825e5d64e5e639da2b5947
SHA256

ab6536553254cc5e311b753b830cf49c830ecbb9861bbbf9da563ee54776c203
SHA512

83127ae46f25be1a99fa1cf13497e35173675605357c94db9cc0354164ac1c3fc14608d2acb599e9ab0bc86e1b93213ccdef2f64f73973c60279067fe7b3b6fa
SSDEEP

1536:SWVOZOMif43jprQzD9BJ26qDTgxz/jIeILOrEo+Y+ujNT5+PN34:qOM2439r49BJ26u0xz/jIeILOrEoZ+uV

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
35	sites.google.com
45	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
3264	msedge.exe
3264	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3264 wrote to memory of 2244	3264	msedge.exe	82
PID 3264 wrote to memory of 2244	3264	msedge.exe	82
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 2252	3264	msedge.exe	83
PID 3264 wrote to memory of 4824	3264	msedge.exe	84
PID 3264 wrote to memory of 4824	3264	msedge.exe	84
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85
PID 3264 wrote to memory of 2204	3264	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_bc6fd46aaddf5d30a0623d0d487d002c.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb55646f8,0x7ffcb5564708,0x7ffcb5564718
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7070926777867037428,10180993623375390219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
408B

MD5
026238142b5e480cb1b8418ace525788

SHA1
f51b946dc001d14631049c55eecf287ac3a21adf

SHA256
df1b825f499b58172513509794bc0467e4ade4931462218b56d6817b141c5ed5

SHA512
e7675bd987e038fe57554912648b3dce013c8fd4db9b65b769646fdc40a0cc87fb4f08ab6ec07179dd7ed3835f21174d400fe61818064c64a99e7d85ab713263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
4f9e1dcdba0afc3ce24ec5ebddd2238a

SHA1
39bda841c359e843aa11ee5d7fc8a874355d0045

SHA256
7e47bc0e3e68a7246726f28ba05d8a7d0f60d28df16df8347af5f9664534ba8f

SHA512
e179c56479a6619893e843125caed942eed60f944f56e847618303b1f1289785c89d09a9278ac0cf4477cfe8c657249beed7369d34ef4683386dc0bc7a7b4cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
f4997965137f304924d8d8e85b001a38

SHA1
1f1c7ebf6cd279c7c7f63df4c837f0b6eb195cab

SHA256
6253d0744db9a99ba5875852fd66b13a20a5b09b68ed08a677e11f51d281cf7c

SHA512
a4093e425311fd8a28737ed47c21b81cb3182425bbb8a915ddbbe4aab21e712d3134590ba4790dd217db716bcbd6a2fbb2aa500a88a7a00e819f319161d4135a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0f16d08a10cbc7ddf7b68526bc2770e6

SHA1
2c16976564c1b2a88c456c3d1a8fcf93a40e08ab

SHA256
5c2ce503d2fa0247e5d603fc9a8e7aa7ceddf191647bc4e85a9841fdd3619ec7

SHA512
208ca20834d763de86eb4bd5bd0399f4fd6813d0dbb991047a7447dc4349f97543c9c4004ec3d101e8e4a4e379e69e5e25825e0b07073f55174fd32f3afd0162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfa73ff3017f3b734561176a332ee585

SHA1
353217848c45c99a80e837d0d3688b653da18806

SHA256
a9408f237b15e371a24d571dd319d51edb5c6ee5b89a1aa7a20d1eb1eae7d55a

SHA512
dc9bdf317cd71fc5fdae4acdc78214a6fdae2a37752a601956cdb96c87702bfdf90799d0f661ec3653f0c0e0991d11e013a1fa43d38612f8f7949f619a886409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
82f2ee6dcda85c350090ac158d1a2bae

SHA1
587a9c0231151f48e17e7503ee7aaa764278e49d

SHA256
57856ab8b284ffd9112ee94962ef49e5451c8628ba6b8e5f76b519b3592c2d6c

SHA512
14bf71bd803c2da07bcd7b9f8dc367833a4d427907fb3c08950d40bc0cc60954dc019c0a45748562b97a3f03f141c59e3508c94ebbef49c03e243460ffedc362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7f0f6c42391c99b4e3ff9b822024604

SHA1
14f861a33df9c2077379db05ff9702bf29583ddd

SHA256
01061732b6b2343a7fd447f3eb859a86ff1b40d4fda8cc1284aa99d44c5cf863

SHA512
7744f757ecbe88f6af9fda3a96a52d3723fcc3a921ff64847789a2349fbdf8b6663c833020f8f52fb45a09902a698a94421141ceccfb26711b56a9fcdcd879a3

Download Submit