f2d1ad4f4d3b13acaf18699877a1a418c6799c3fb8af098d94a94d3356480e32

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_de5294df1e24bc4410ff710d0081c407.html
Size

144KB
MD5

de5294df1e24bc4410ff710d0081c407
SHA1

b0b0b970925487911db45a90645be152d9162d8c
SHA256

f2d1ad4f4d3b13acaf18699877a1a418c6799c3fb8af098d94a94d3356480e32
SHA512

71af5454f08ee2f89f902e16d1150478f0815968a397797edcc9f524974f6d53c5c68c44d080a239d6d4eda66b76ebfda14d2d52dd9fa1530efee4853f6af161
SSDEEP

1536:1EFwEzvTFtnBQ7/X09pFZzI260tGZyyHo1l2mRADfZ79pq1RTjUxF35y2S:C/7Fc7/EzRimRA3s19of35yV

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
9	sites.google.com
13	sites.google.com
14	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4656	msedge.exe
4656	msedge.exe
4244	msedge.exe
4244	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe
3408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe
4244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 2788	4244	msedge.exe	83
PID 4244 wrote to memory of 2788	4244	msedge.exe	83
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 2928	4244	msedge.exe	84
PID 4244 wrote to memory of 4656	4244	msedge.exe	85
PID 4244 wrote to memory of 4656	4244	msedge.exe	85
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86
PID 4244 wrote to memory of 4908	4244	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_de5294df1e24bc4410ff710d0081c407.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff409346f8,0x7fff40934708,0x7fff40934718
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,917420401264762212,8631449704388627687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c01cb92a1702702931ec4adc0ca0af56

SHA1
c6a25462582ef72b505c1dfa289cdddf5d863481

SHA256
45c2306cf26ea1fbea61f90723662fa9d8ad84d9e8314d49b74127b28ee297ae

SHA512
a1fa1b06dd5d2ac91c6998cd3e7f2f58adaf58bcd8415f811c36119693fc1d7b3d04798c96c550b737c31c774eabd3808e85c3a7e93e778036d0f5a72e2fff60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ef0d9f1f47368aa1dc51de7dea403783

SHA1
ca8d8cb7050085845476bb205aca96bcc986f597

SHA256
55e7d82db874059cb372b1422554600b3aefbbd2b95bdbfeea09cb8391ac1b02

SHA512
bcdd20ecba9729cfa902cdf882634ad58b573cd9ecc4ce8a725659710490f4f8be743847015daac1d24f65abef5600d9ac79e2bcea79f7c41c5aca765aec0083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7164e2a1621319c5077a0480e3d01b6d

SHA1
6cf9a3bea8fbb86cec41387c2e9e9b758b988adf

SHA256
fee0ffd621c0b5e240c18c64a396f77079d073742f4442bf252aaa5aa9dd8ce1

SHA512
e4030d726e062de5d6610fc69d27f047bb31bd3fcb80c54c6048aaef72c6a3c967b646990ba53ded1268b33880c87af580cd0ebf38e4bb0c0a025cbbcc3ac3f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce8d4d1f7f78b3c55e0a13e73f04540f

SHA1
e605569f9ba6090f24262948ad615842b8b62fd8

SHA256
0a09d45f44cf3b0bde8a2bb6f383ee85b11d7f404b8f15f80756b480e376623c

SHA512
c0f8587e46c4108eadf6c315b7cf8b38f5a2743edec4282a718a6cb3783ecafe69cdf4b8a88c00613cf6a29b2e5fabfcec870a09fc66053a4f5c91e992bab566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
823c2c9eb42f3afda0fb7c9be688f9dd

SHA1
6b203f0e46ae594829ea63efa1e396b1fe3915bf

SHA256
8dfe1891d4beef4864f3f9458945c7c703ebdf52088a350a9517c2ffbccbebd0

SHA512
0c15ece50ddee6ded54bce6f262251c73e355c33f23619ed672d03f90b852868ba8f50116a1ef9fec8dbbe4e1707891ebe66e798acec9a21a7c64b728e99ecd5

Download Submit