6d8376aafb60f67a3c16965ab190d54e09d444284420c0f8cdb41ddcf076c1f9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_ccd702f52d9d10930a96901df042a82d.html
Size

157KB
MD5

ccd702f52d9d10930a96901df042a82d
SHA1

834b9db1bba38be32d2f4bed5cae5f34eb56e130
SHA256

6d8376aafb60f67a3c16965ab190d54e09d444284420c0f8cdb41ddcf076c1f9
SHA512

3682b07d16c82ac292807fbd7db18cb9f5a9a268e0519052a752220f0149830bace38535f4a9e38e9f90df8d3b3b407e6444a4ce8eb243709482e9b666ab2582
SSDEEP

3072:nOMj439rt89dLnPKBJJ26C0xz/jIeILOrEoZ+ud5+hNJT:gmdLnPKtE

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
55	sites.google.com
48	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
1460	msedge.exe
1460	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 3764	1460	msedge.exe	83
PID 1460 wrote to memory of 3764	1460	msedge.exe	83
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 3476	1460	msedge.exe	84
PID 1460 wrote to memory of 2856	1460	msedge.exe	85
PID 1460 wrote to memory of 2856	1460	msedge.exe	85
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86
PID 1460 wrote to memory of 4692	1460	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ccd702f52d9d10930a96901df042a82d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd452846f8,0x7ffd45284708,0x7ffd45284718
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15387890609174650474,7963456260457413355,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5184 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
456b7f18a04e4dd1f788fdd98cd0855e

SHA1
ebcac67244f4de4117c6e370de72640ec6ea84ca

SHA256
5cb007bd0c3ac34f50a9ad6685e35762263c4ce025e1f204a0afdd06ba44071c

SHA512
91ab8e90d91ac5521006147f590bd6b078a2578fe12c4db85fb1fcd4a3056e7ceb715b03ea19aff76417d8f1cf763e1eb42acb5d57fc1b8385f6279e874298ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
62e2dcdf58188de8c99374cab8b0c60e

SHA1
e3a7a58a28019931cf78a5a2627d4cacaec998bc

SHA256
d873104c6b44b7e5e04b73faa2fd2a5b21c262a6e6017050c9bdcaf98923e883

SHA512
a558fc7fa63b927dab3a3902c386a0da705b02a3ad2be0c5beba9e6c7581f3467f4b1d84ceb90b56da107e8d140253410654026bedf790b762db27695d4baf33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d71283db8519356cdca446608ab5ac9

SHA1
77fdc25f763e9e670cab664eb3ae20fb1b27a90d

SHA256
cfbdbbe7e8ee3fe8a58ae59a8d55d6003afcfbe3b2ff70df77dca8032c22a02f

SHA512
a7642c99d9ea6eb0731a5f22442f6f13997a915e298f1ee655d2fde2d84ea9df7a21c81a606188f54d63049ba83e95ce14332eff7d86eacd4e000489e36cc80d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
da4ee368f83f7a4a1fe6d6dd05ed4532

SHA1
58bc31f5084aa2575562197452a40a4e859c2ceb

SHA256
513508026f0213150374c8aeae6bb235a975abc9831fe346c9eb47f1399136ee

SHA512
1bd9ba6f458da3233a436be3b206a5f629c37d3f94bdde71505d6b55cc41c2341e0805de24898d60c83741ff074fd2f88f3ff0b7d6810d5012d5a73d40e2bf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac5868b359827194784a670a76e14bdb

SHA1
6984ab86716e69b293315214217491afa3ace7ca

SHA256
9a618dfae8e2627bba2f2100535f830babc6338af9f49e2c675d4c626378bd24

SHA512
f5c7ca0ed0f41e3a4eda9e67313a7e8fafea286472786b77e14d46f6ac307383d6f85814c4193db5901616d0eef0bad9fa9f4698e39b34f34e77fc7400cde9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
295966edc6a284cd32e057de763aeddd

SHA1
e3b3de8e233dc07dd5550f937eab72259be1a7a5

SHA256
94eaddcb1bfc49cd4c155aad4089471d936192fcd1d5b121c84b8a274e134920

SHA512
ac466cf246bb28a987a0d58533d490d61f236c3b3cc24173d6b8b3a43f3ef9b97f58baa804876a96f51987cfe036b7b64faf31a3fd7cf3f14f1b96cbdb4d9122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
60cc2af2a2e2493c224287f36053d2e4

SHA1
794c6ef478881fd05aa25c9a6478b961e1493304

SHA256
774afde5dfbbe5586124a1558745224ca6bee4666f917e5c7042d6ef151c75ed

SHA512
b4e63579ab611b258829f40fc06974e87b63508638697915c0bf7038648eb5bfbe0b0ea99c614d0a971753f6864a36d25888e8c9aa120d4711702086c2d95b64

Download Submit