68bec08c92f049fae0a3f6ad3accb2a3feccc4e69d668bff2dd06de2eff3570f

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f3c2ccc8c33a25a09dc42375843d926e.html
Size

179KB
MD5

f3c2ccc8c33a25a09dc42375843d926e
SHA1

c6b361f84e8b7594d86a90e988c74cecba1aa527
SHA256

68bec08c92f049fae0a3f6ad3accb2a3feccc4e69d668bff2dd06de2eff3570f
SHA512

6e68220c4c5b25c3b2ac162039426056d55579038cfb1d3d6fedd24b3821c16f91039cd63a8326e463978bb0fb0363a12452e08aadf39f6e4dfccbab9349d021
SSDEEP

3072:LxDNvG8rm/GXmNJUNBVTXQUe+EJf6LIBD6cbbb/tY2FQngw1Z4R+:DVXmNJX2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
716	msedge.exe
716	msedge.exe
572	msedge.exe
572	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe
572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 572 wrote to memory of 4320	572	msedge.exe	82
PID 572 wrote to memory of 4320	572	msedge.exe	82
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 3956	572	msedge.exe	83
PID 572 wrote to memory of 716	572	msedge.exe	84
PID 572 wrote to memory of 716	572	msedge.exe	84
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85
PID 572 wrote to memory of 2196	572	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f3c2ccc8c33a25a09dc42375843d926e.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9840e46f8,0x7ff9840e4708,0x7ff9840e4718
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16405732156262476199,4033397718945084932,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2320 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1b9739f5776a018d1dfea64dee3f4897

SHA1
3dcea83f53d046c24318fb0748f4d0652b213456

SHA256
a667d0d19885a961de72e4ba4b89957e9904bb9ac99e878e7fc106da0b3091e0

SHA512
d22f0a192450d4185fe73674d0bde7f2fa1f68bcc16ade038c372028a891d230391e45d08c02db9d11b8fccc250abbc5a29ca3d7759dbab8cb937cb4066e46e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2c40d5d7c5e0a85321aa5a230e68a231

SHA1
c4ac788ba4da6897adc3c9ef661ca6b469fc547e

SHA256
9bc3a5bef04210d4751fd4ed395131776e8f7737a5a377be09fcddfb7eb45384

SHA512
bb513fae1e4dbaed4ae59181407a24fe987c642451e6546fbcf14555fae575ff2d227fc39dee997fd64407d2927973831bfa14645d675c041b2dfc61ed3d55c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
2ebfdbd309ee762211b4a2ac39708c4d

SHA1
b002922c672dbe1dd4caa02af24d0b1e7da616af

SHA256
54ae97d445b166859fe3ba6241b97abbac0aa0d158c72352b774d60ba3e81797

SHA512
d1687b7a6da07a72963c96a1e85661046d3d3c96f88445302afa09721fbe211a5fb8881ff14b346b0ebe8a20f5ced21979e9f58e256427e57b85d565bef17720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f1fc91a786b48976c7e3123a489c5e52

SHA1
04fce5d04e98eda9f89e6775e9b459bdc80556df

SHA256
97649f1b4ed18c3657268dcc538884b47075bbf8c84c4e1b9cf3494c3224728d

SHA512
0d67e4d9590c80cf87ac32683432f95675f173b1052c15c979498969ddf86858c1335e0a0b17a05f16fc463311353bab2dd32473c75506350e64a7fed5da9e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
99ce4ded5ec37ed98bb007d20da1b2ce

SHA1
ee84a3ef2cdb8abc6d6e6eb7a9e64a7bd7f0a73c

SHA256
b90190115b23611eb87784e8ee6a452002345db82ec72ed57af101ba7f39d179

SHA512
35d5489f7972ba481457daa7dc3923019b299f26d974c8d4d69df465aff58eaedc42b20de8d600f79692691c20ff2ed8a9ea4458a8ef2fc6dc9a78094067c53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b4f603343363c286ae45e22630ba00fd

SHA1
983516c8fd452080d33a7d3271ed713b8e5a0af2

SHA256
074d2eba2d77e15b44bf675ed678bed16dcc519e43d6694bd34394ff04a21693

SHA512
e61b8f1712fb34b62b02869f1b028fc70136d84f0e0d8c62f3bef4831f6bc1a9d0fd7fd1bf24a72da607a1cd14182f71ffaee380d9fecacb647ea190fefc577a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ff3340282ae7fbb7e0da1754d4bd987

SHA1
4cd7f74867158ed339f3db2b65c1c9e4cd425cfb

SHA256
92032ad1dfad55ced9c1422929fcfe4b6229acfe93bb32138d288822b6d9fb3d

SHA512
5612931aeac73cd5920789ef81f6c632b7e475cd8049e1e770718ad92700d0e62002c9df029719ea9e0b86cf84c53cd3277781d486c5eef8ef3e468cdc34d079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
62fa438b48fdfb61c360e6d4fd356110

SHA1
6e54e946a5211afa1459715b9f37a18ea92cdd57

SHA256
fe3d2e83848ede65097467a54ea813ed25a51119e87121089b3cfc531ebe5798

SHA512
01ada296a3fefe713f53d80d2c95b6e41231012d0998077b7948a68d961b61292d1e3b1b3457488eaa739fc4ff0974672ee448d29d2fcce2c1bebab49da96624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bb27befd-84b3-4a81-b8ce-e77dfbe85a44.tmp

Filesize
5KB

MD5
d8fa441b9977b017ef6713e98506481a

SHA1
0b391887ff3f4fd52913af27b7b5f7c85dd02324

SHA256
d25aca4b50758df3eb3cb1abe6944814c2af4a135cdf4837c3d433f622a0beed

SHA512
38fd949a9d215b37f884315e19b2a3985b85cf77fe665b4fc38d411614c442384d6df2af67e7d6da5bc3213b780d8b328aae68fa6cab26645e328afe7acdc3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25131631a5c4a05ce388b3f98ffb9b2e

SHA1
29517de418e9ceaa78e01242d4d6c4e88efad6e2

SHA256
ecdf787b19de7ab2b9640930b9e8433e1dd1710c6625d91fb5c15880ded2d2a3

SHA512
3c3a233097947fb8076e024b439bd4ad78100b980fb27cae514f8c257386c54f6ff3261e51fd40ac972d50365235cc63256b4ab6faca4b9b0b89ab13e10bd12c

Download Submit