Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-01-2025 15:01

General

  • Target

    JaffaCakes118_cb2045801cc12ea04993be975ff6e245.html

  • Size

    236KB

  • MD5

    cb2045801cc12ea04993be975ff6e245

  • SHA1

    5a24fa858cd16044917b535e782bae3c5017c49f

  • SHA256

    3e38139a1522ae0072432793668ca41bc5c0fe4ba05cbfdcc44ef285b5d5b7c1

  • SHA512

    cb36e81e6de66a0b55dcac7367c54cb1dda0dd213f07ca7254453548bc8ffd2c6af219be11de5084e1fae7585c0564a894a91cdb7d193cdffb0e5f6190bbcb2f

  • SSDEEP

    3072:4f6QcITclgtyk4HMglOly5265BaxZOf3T1F2zt0fkbE1hF4qsOh5FaEXrlm:4jZTczb52651f5FDfIh

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_cb2045801cc12ea04993be975ff6e245.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3908
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd22fd46f8,0x7ffd22fd4708,0x7ffd22fd4718
      2⤵
      PID:2848
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      2⤵
      PID:3824
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
      2⤵
      PID:3832
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      2⤵
      PID:3616
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      2⤵
      PID:1844
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
      2⤵
      PID:3676
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
      2⤵
      PID:2144
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
      2⤵
      PID:3260
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3526937210345452146,2481505314417348267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1200 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1912
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4552
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3140
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2860

Network

MITRE ATT&CK Enterprise v15

Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                          Filesize

                          152B

                          MD5

                          0a9dc42e4013fc47438e96d24beb8eff

                          SHA1

                          806ab26d7eae031a58484188a7eb1adab06457fc

                          SHA256

                          58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                          SHA512

                          868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                          Filesize

                          152B

                          MD5

                          61cef8e38cd95bf003f5fdd1dc37dae1

                          SHA1

                          11f2f79ecb349344c143eea9a0fed41891a3467f

                          SHA256

                          ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                          SHA512

                          6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

                          Filesize

                          49KB

                          MD5

                          65da8d6932ad74d3b51694b5a28dd0bb

                          SHA1

                          aa6e37cdacda153f499c299299a4dacf50c93765

                          SHA256

                          309ec80a404d5ba8c9816e0932bff343c8e205fe36819908682289ed7c7ae482

                          SHA512

                          bfce7ba0e18dde7d6f833709e565f704701d7a51b14d7c11b06cdce0b057290a334219c9aa4f7ea098c097eb779a2ceca397a9ad1ede0784348f78c81fd55015

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

                          Filesize

                          34KB

                          MD5

                          022b55bf2e87557e4598d3efc85b20c5

                          SHA1

                          3212e3e3d4b0adb40d3eb18fce62f65082b260e4

                          SHA256

                          1ca0d3ee1af6602ff407b8435f010be0cbbdf2447f8b1a13495cbfa1beaebb5c

                          SHA512

                          f9fb708bf3e9771b87f5661d8939649f342279583146c47ffa62a8c29d678e957b283d479666191a92559762725f2e1349de40450fc04d2decd79ac5fb0ecbb3

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

                          Filesize

                          20KB

                          MD5

                          3d7688cf19f50a406c90a82941cf2714

                          SHA1

                          6b0af15bba9126d5e72bd88e3e6f90233516636d

                          SHA256

                          a2e244cdfc53faa19f51296253c975c1078c76fbe65b694e7081dbd22caca7fc

                          SHA512

                          6c96cdfa85bfd66aa4e8dafd9c9697d632d5ea61809af89b35a1ea86e0115a2d81b0ba86cefae80773ba96dee8096a8accabbcdc76890684f5de2e017b477213

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

                          Filesize

                          34KB

                          MD5

                          c8fb7b22297d19be667d11c600abf5ee

                          SHA1

                          0670a9e14ca4eaab654c222d4e991c48b6891dd3

                          SHA256

                          0ff4af60d94ba2e8b260a9916ca946f893be2bb111d849f6fe821ac845de77ba

                          SHA512

                          e59e3f74f8c646a972ab420c8d8831bade469d49bf52561f5cc055a9316f8e94c39b1f18c91fdc35573bb4709b13518ea9fb608d8a912e3d92893461bcc3b2c4

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

                          Filesize

                          212B

                          MD5

                          e1f1c31e6e88df93a5e314084b0c5150

                          SHA1

                          b52be079eac14d2228899c571a623d01637a98e5

                          SHA256

                          1f67b72a75ca387f531c6dc3b72cb02a4fc727ca5e511c1aaff6de645e6edded

                          SHA512

                          30b3647493f4fe1c52654f9a9d3f3cf889008c1157547b7449ac216d756128006172a0a8ad2ab0cb38757950511678411b531120e6aeb3257c3033271efba663

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                          Filesize

                          456B

                          MD5

                          aa6542417dbeb58a81c28e3f424b6b2a

                          SHA1

                          d3945e93d63be4a85a9f33183ae9f074dbd4b366

                          SHA256

                          a399f054afb121893649ed101689888996ecc700c5c7ab8cf762599aaa518c37

                          SHA512

                          fcb42feafe81e1d10fad60d2d6f0e51931293828877b7859f4ff5f0da12c34206f19a0b140021214039726087c201a0e3a690d137425492d8f5d7dbcd7aa7ed2

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                          Filesize

                          3KB

                          MD5

                          30747a02984ea10ef2cec66f43eabb6d

                          SHA1

                          4a10e585ab8521fe9f51335dcd9a198d93704baf

                          SHA256

                          8b4643fd3bf7a09c0e1a46624c1562388a9d49d24c36b81673abee24d933c755

                          SHA512

                          51d4a974b746770feaabff75ac899036517f2195ac8cd905940437b27bde60897c5f0dc4d927744bbb85e282f76fa76f9382dea33cd63a78f4352e583dc3ae4a

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                          Filesize

                          3KB

                          MD5

                          6c901ef797d1034f89911e34f0ed2cb7

                          SHA1

                          0a96205341b358c977aa3334606585fd06e30360

                          SHA256

                          23157df5c25fba6c13a57dbf3f329ad4ea9392c67a7f9796c74774d500687d48

                          SHA512

                          41bae63bb6f775869c837ea65215f9edfc150319b599350275d90eca10de233929c7a208ff8024f9927d09e2918c7687fcb2ceaf473ef97710f00b8728eafdac

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                          Filesize

                          5KB

                          MD5

                          f3e71051545880efa1b05ca3285233aa

                          SHA1

                          533d04f980d9ed28b0e4294fbca109b1df858e8e

                          SHA256

                          b4a6d4e787086c8f59edac4321c4175240703e09fa65a348b271224ff0ba20d1

                          SHA512

                          9a57d317a8e6570f2e5b2e800f1339ea7fe79b3ddd77c1cf2d610ed234aa8c305f0ce50a63372287456cd4c5a8cd78dc4f8b4927b993aa19030cc588dd9a14c5

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                          Filesize

                          6KB

                          MD5

                          64e34e3e3ba8d9e6363ea9ad2402d29e

                          SHA1

                          9ecd6a404e9e643ef1982895188c70523811e381

                          SHA256

                          c26de3af84c8e866db87d6052b2ef95f9b179b70f710c855ca0e68a0a55b29f2

                          SHA512

                          4cf6a345e4aef03bdf6fb1ce9b39be7433142809c93c79602a62c56bf385e1f9bec298ef099a861a1feb1c58945baae5629bbb22cd70bde722c3006c9b68fe72

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                          Filesize

                          10KB

                          MD5

                          a2d5f4639cd54d272f7f9a90ea77389f

                          SHA1

                          8f14f1d6614862b5f995a98da750c8a36250cf14

                          SHA256

                          3383a78d3a97f282c9c1c4c3bf087dcd32947da8f9659939920be8f63cc3375a

                          SHA512

                          9d370f77095ffc0ee6eda6d2f5d447cf73afcc779539397dea9993623de79626b03210c9de66a32d78bb45ac825cd8dc52cfbdd54e0a970dff848b08e50ec56a