0978347dde251badbf26fb8a4924a6bd3aa1ac1040933e350bc6144f46b0bd3a

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_d0079e9ccd18c1042c1bba725491fe43.html
Size

79KB
MD5

d0079e9ccd18c1042c1bba725491fe43
SHA1

664a5cf8e7e1f4b4fc8ff9dd829858f319cf5575
SHA256

0978347dde251badbf26fb8a4924a6bd3aa1ac1040933e350bc6144f46b0bd3a
SHA512

c6d90c48ae4b48504e154db250cd92d592ab847f52845b24b32f8788c8ffb95051fe292db8cdd52f3aec3853c140534ab5f811b3a97df4615bfb14c3b9e10c25
SSDEEP

1536:IWVOZOMqf43jprQjMyst6J26KDTgxz/jIeILOrEo+Y+ujNT5+QNv4:EOM+439r7t6J26O0xz/jIeILOrEoZ+uy

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
36	sites.google.com
44	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
2296	msedge.exe
2296	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 1740	2296	msedge.exe	83
PID 2296 wrote to memory of 1740	2296	msedge.exe	83
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3616	2296	msedge.exe	84
PID 2296 wrote to memory of 3580	2296	msedge.exe	85
PID 2296 wrote to memory of 3580	2296	msedge.exe	85
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86
PID 2296 wrote to memory of 3800	2296	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d0079e9ccd18c1042c1bba725491fe43.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1ad246f8,0x7ffd1ad24708,0x7ffd1ad24718
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,700648897773161801,2092750928894765588,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
80cd6b42bff48bce3339f8a616cb825f

SHA1
239099d2c229bc1b445bf44de3e8319cdbb3be7b

SHA256
a1a04875145842b007d04f41df20bfcd35540ea7456d93f720a056a238978562

SHA512
b498cbcd3f0abd6ecb8ab349285fe91e849667b7bc3176652c16c20113e156d86a15f4e868a14c6ea5b8c8501c4148f3fd5804ac0d555805972ee23eb4ba7eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
636730bf8d9b8fd1874c5b5287365ad4

SHA1
07e315992d3743871e805d4d58ab115b66827863

SHA256
c1bcfc9efb3c3254e174f031a914210d3eec5f31fc89a0b18906d770dc3bec4f

SHA512
81ae0dc6e8473cf446398bdb80e42198225d9557f86c3fdbea66d585795106850537fc54f4a594350ea556e1eb7f8ca8e822329c3054d716bfcf3828f75d54fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e88a428437bc91d02ca3f055b0c3a4dc

SHA1
c70a1107977ffce9c3fcd1f3f6c65bd5b34cfe6c

SHA256
81e1ba75505b8621456197df2e7f85f569358e8f2cf3d3ed25faa6666161976f

SHA512
b1f18820c28d2bd447d4d69361510849595e3ccaac791bc38395c75a928e0088346cf9d9c5537f1429e03bb0f77d625cbe5b68dbbb92605fc72b3d8ef38cffe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7dcbcec5850e18cc6ffb39b8b8dcd68

SHA1
66c17c8bff654973627a2fd52635e2c2ef730f8c

SHA256
4268d8724625c93b03ff299233b66707dc38f37682f108e50ba4e72c253223f7

SHA512
9f2f93013f00081b83224efb94fd3abc608b7c81634eb9e360ed1d35675ff60c5ad166c4d3175f899838fe3fe54f9baa7ec2c84d96c426990e4998041eed1452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2ff9e306583273fe4578205729db463d

SHA1
18b343c3e25c32a8f421bcab784a209bc4ad5e66

SHA256
1f5e1d049dff7e9f6e7659cf398ea34fad7ea81689ecc922e3e6e9e877c3d23a

SHA512
f032a226c0fb923d2cbe4192b9b8813b81e79ef6dd38323b417d4016e85b72f01586bcceaf1c0a8bbcdc6d2a8a0ab13ebeea8b3e5d621fa429a34fedf6dcd315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1cdeeeb76f18cb75686b8f0516802536

SHA1
16eae124302fd20ee893e3429fa2a0edc98bf548

SHA256
1ee0e1d0efae3605f502c534ed12680b6e571c48797f10e6ed186b47b2adf7a4

SHA512
e8bd0b9f09d3f7a5fc6f25b42ed1ce936afd0202945b9052462b1a8e743b028cc3499cf3268876f9cf6f3d48c09ed2c19f5fd747c8ed80872c0a7e85fb93706b

Download Submit