4d8725d48c5a86fc1620aea2305da225ea06d5be8eb3985838637d20043b2307

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0a037e53cc74c51d7b8bb46b68a1c3d8.html
Size

143KB
MD5

0a037e53cc74c51d7b8bb46b68a1c3d8
SHA1

fa719b7faf5cec8169eb38c6e05846a99bbe7714
SHA256

4d8725d48c5a86fc1620aea2305da225ea06d5be8eb3985838637d20043b2307
SHA512

c171dbaa87f38d4db998c04d0fe034a0e21146b5700cf88ae7d85bd9814af21f94122872b505481be7d58029e156100cce195d0e03f8493eba274daa8bbb66c5
SSDEEP

1536:upUJECCOEGi8rdCkLnDD9BVZfkjnf5w4w+im:upw1EqdCkLnfVZfI

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
4688	msedge.exe
4688	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 1216	4688	msedge.exe	83
PID 4688 wrote to memory of 1216	4688	msedge.exe	83
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 1368	4688	msedge.exe	84
PID 4688 wrote to memory of 3972	4688	msedge.exe	85
PID 4688 wrote to memory of 3972	4688	msedge.exe	85
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86
PID 4688 wrote to memory of 4060	4688	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0a037e53cc74c51d7b8bb46b68a1c3d8.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbcbc46f8,0x7ffbbcbc4708,0x7ffbbcbc4718
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,4256330587631488204,7281190398631372483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,4256330587631488204,7281190398631372483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2596 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,4256330587631488204,7281190398631372483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4256330587631488204,7281190398631372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,4256330587631488204,7281190398631372483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,4256330587631488204,7281190398631372483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7d996c72033f3128214808ba019b1204

SHA1
8eb7132fc584574a9fbadbd7df85c0651897c304

SHA256
16f69deb71d1918da150311568cd93461789820a80f4b0d0a8cf02a52e60ad64

SHA512
7eedb7f70a6be05b6edff6ba658471dc464c7416b9747386cf440d48d7c512ebbc2289ff73fe035c4959fc080b313b3c0ec9b1196ca8f45fc245cd4df4cc558c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3284024f592790cfd7a270ab65a29c5

SHA1
99f0a957edbe2701816d3b08d9292908e1578f1e

SHA256
b766a02f33e741bc8d0c3aa1d172a936019091c79bf384bd2b0a010429957ec0

SHA512
1538cb5ca6ed5d12d6a84dcaedc1097a11d761023f1eda77532788625de7ecd8607a1236abfc744373fdf0b1d5759f771c3c7fbc575386273b87af5ecdb313fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d61b5203d754a0a684fbb5bb14236f6

SHA1
235e3be589bfc3d3315676b38a9388a7d19eb1ea

SHA256
9a33f0a89eec3b7bed476b728132a7e31636491198363bb348c4695f25255ef9

SHA512
90e5dfac6f99af204fc7c6de76c0cf23f0b64719d6c1dd77c36b989305ce92be963d5014c5168c12802250a8ed4a6bb7cd7915fb33b1e0fd766b5b94880be220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55b9aef520d5a7729017cacee00b0a1b

SHA1
08e39eac0ca30c4629dfad80af8de0e44c948208

SHA256
a6a3c5f0e529c00470cc9dd08b8fd762e5f3c0de08126b3d3b1d3babf51e41c2

SHA512
fac41bba9e4dd8b12dc414d58c1a37bfd23fe956bd57e0640213db1376eabfa6cc8168244c8f164d26a1a69dfd869443201fba2c1dcf0cc61c6481206a662044

Download Submit