1e1659dde6a407394a784abd172e98e85841f68ca7adfa5998d3e783820e090f

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_f9e105349717071d93d0b0ac3e0d0c52.html
Size

216KB
MD5

f9e105349717071d93d0b0ac3e0d0c52
SHA1

22bb4a667b969c4cba866ed5daca60c0179a12aa
SHA256

1e1659dde6a407394a784abd172e98e85841f68ca7adfa5998d3e783820e090f
SHA512

ba7bcdab50c5608a3f00a92df14eed0fb94488dff5c0b8385ba6e1c77784810fb1d460d0a5bcc1e14435387bc613c207c99b9658544de4110aaf51767253b6b0
SSDEEP

3072:9Pvyx8GA02ESlxTva7sQL/7npIVtmpaKSdTNKZtWI:9Pg2EJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
628	msedge.exe
628	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe
4620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 2328	628	msedge.exe	84
PID 628 wrote to memory of 2328	628	msedge.exe	84
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1988	628	msedge.exe	85
PID 628 wrote to memory of 1708	628	msedge.exe	86
PID 628 wrote to memory of 1708	628	msedge.exe	86
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87
PID 628 wrote to memory of 952	628	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_f9e105349717071d93d0b0ac3e0d0c52.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff003946f8,0x7fff00394708,0x7fff00394718
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14859606339286160566,16238795056547825921,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2cc7c6ad1e6c693087cbbd5585f3aacb

SHA1
92d989e27e181e2cd1df9a82c87c3ea0ed48d8fc

SHA256
955d9e318dc6172d7e8cdd0543f27d1ef10e6fa04485ad0d46bc0b28028721eb

SHA512
696ee950561cd6e81f1407ced3353782aa6b00f8179474e74d356c73a5a1851559aeb99f5f426d2ee13175524256451a4e4f12b1ec2243f1b556c21272fbe0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1007B

MD5
16a88a47fa1c0a2ed63c67a240dfe36c

SHA1
56b99f4b1b551cdf7b71804a4f7bf1987bcb5330

SHA256
defccbab8cf794cc8c468a84117836b31be5171fd85643856c82375145fdb329

SHA512
47eaf2d937944aafe9c0f69c0c99ffe91bb875fd5d54d54ba90cb36385cf54878fa1b332abce2278ddacca387297f173b69d7273e6a4f438d249829c591fd8ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2188f15ab4c3624aad849cd4f702116f

SHA1
7bd40998699598e8d42debd78f58ac1a11d95137

SHA256
bcd5467a555249193260f8dfde42bdebd6ea6be27e08c1e3a7edd9f0b2fd6980

SHA512
1b0c2afc0a50f457f3975471965b55539bc3a399760798efc6f6f346ead125dfa7d3d57770019e90284e546a92752d582babb82a42ca1a62b829793a8d01adfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e982f0bb411d07424b27df3ee5e5ce6

SHA1
9b49b9893fad4cf54fc4d09aa87ae6600580c4a1

SHA256
a20334d0ca2abbb2b22f38fa24ec9fe36534de0e6364266169a5d0d630b82706

SHA512
c9f9ae0b6ae10bb8e1239e67129a7c38a40ef58174db36934c9b3482ab0df60093bc46caefd1a0e35997af251eebb1ce158ce1e51895995d967ef0ac53ec389c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07706897fb7a38d271b360dd00e833db

SHA1
cb0b8a10d1957e86ff3ff7858bb231bee3ad71c1

SHA256
1d0b5a52f33930e30cefc7e5cc28cba541b47b76afb1c7e529f2395fb85c0029

SHA512
0240537bdea3f5bcba6f7caabf7dc07896e79ae93db0e15571cf21c794e56cb98dbf964b709a942a7342933f6f60962dd69bfe0a7ded6a606f55d64b66d8b0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a599a6cb0941153e70ba510dedb59c7

SHA1
3f7d7062555eca73b082989729e62e1b2a8b7b73

SHA256
d087ad017716817bf2bc18c05cbc48acd4622d3fbd5a318922a8bbd83b6e649f

SHA512
00a3eeac08c21534722895092f805125ae3c782908ee5e1c0a6b0d7373c1371c0cec39dd14f03be6dbaa0fa1c382ec843029f8d22953dd9e662543a064b40806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5516e1536ad0a973b25d87f24e575021

SHA1
14128c8f9ed2c94993e8e361166e4b0eea9e5272

SHA256
d13557da2485bccb46b46e9f381f4d5eeb46720e7bf3989d95031cd5a6659d9d

SHA512
129900913dd8d4ec10aad0038b835bf2f67f537d9a626814787bdcce572b3e90d5083a44c4e0ada64e5201c65a35a5943c2612cb98cace6bedf430a351ea3c5d

Download Submit