ae85f7448be451047463c10f34c6f8bb111c70b1644482411c4f03c83de7c728

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_14694b0775f16c025d89a6a1c8715e3d.html
Size

153KB
MD5

14694b0775f16c025d89a6a1c8715e3d
SHA1

8356f929e305f420b6c4c2b2df614687e3096c1b
SHA256

ae85f7448be451047463c10f34c6f8bb111c70b1644482411c4f03c83de7c728
SHA512

8bdd6a34f769ef173ae8cfa2468370c6bc0ee3e944ec064c7785c4efe148f2199109a889e3349eb774149f6f45dc2c320060bc0b772d3b3bbac2adb9e3e7018f
SSDEEP

3072:0fUkSw1QRYrRB7a2DFU2PA/K9odahlPzodahjodahppXg6CndiNq6a:0fUrw1vlUCwR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4772	msedge.exe
4772	msedge.exe
1396	msedge.exe
1396	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 2376	1396	msedge.exe	82
PID 1396 wrote to memory of 2376	1396	msedge.exe	82
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4452	1396	msedge.exe	83
PID 1396 wrote to memory of 4772	1396	msedge.exe	84
PID 1396 wrote to memory of 4772	1396	msedge.exe	84
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85
PID 1396 wrote to memory of 1788	1396	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_14694b0775f16c025d89a6a1c8715e3d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9255346f8,0x7ff925534708,0x7ff925534718
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,16992219431915484751,5650597470535918428,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,16992219431915484751,5650597470535918428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,16992219431915484751,5650597470535918428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,16992219431915484751,5650597470535918428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,16992219431915484751,5650597470535918428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,16992219431915484751,5650597470535918428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,16992219431915484751,5650597470535918428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,16992219431915484751,5650597470535918428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,16992219431915484751,5650597470535918428,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5288 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
642806e996efc68a00220a0212b1df58

SHA1
47cad8ce49400090fb577fea25b05555d3f4093a

SHA256
4dd5cba2538d2b53e016c8fbcd36c320a238112c39d8dc19fb30f39894eead12

SHA512
e613a2375134ea3d694c153f959b7db83a06392d5bf11135070bd08fffa6c3b7c5a07d48d2925e1be103172c43841ae5c9662306cb46ac28e434916675bc7fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5bd07a13e6b662fa6556596a7a9a477b

SHA1
7409d6a17a0af212282b8c0444734e6903cf38d5

SHA256
831d681cf31ed220ff17da4281d3e7e7752dea8ed7ae43cc9acf09743e750891

SHA512
4e9df5d0d6872fcd61b3a8a597173b867e8df1e8b886da23366feab24e4fdc2eb52255e2bc8d104727c20b8d06dde75ef94933782365dfd57bf28fa596d0f27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f8c35eaa283af8ffca3ae4168d1b1d7

SHA1
cbeaf3e22453dd9a0d1146674b24c841169289a4

SHA256
d5e49691b7adadab5e3f3ceaa9776a4bbe4b292d8112d543d51fff01b8e59558

SHA512
5310a268a690de96bc8d0e34e8bbe0ada8f68c548575f2edeac447057ef9b87699064897384a14839b3d67e3f3771f9ae2eec3231288e3cc6a4a2bb0a83b852e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
daf0e590c41bcd924c74610e310a9de8

SHA1
6093b08e4a78e54104013572af73f706ff5f0f1b

SHA256
8e359713c76ed6638f14b796e2b1599618aa278a6cf679b6dca9383fa6672632

SHA512
00bae6ccd6da7b1ed25d9312dadab4917547bbb969dff69af5eba3708b1830c3d46e2123080841c332b756942943580173712803cbd2397f5cb21f651de56400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0027b19b0401a9c7a277695f90101490

SHA1
6de882fbd2a20ea5d119d2ee77557d3fd49d893f

SHA256
6d05aa810408f0e9db0281b105f08e1077541957bf764cb5f1a74634ce7e9eb5

SHA512
108a0e2523c3f666c533ed9df47723cdfc86e516d3b538e87df4f12396094095ac3b1c8f1b27ddb78537422deff0498af63ef41ba61b6dd81e5a5b1d40ef14c0

Download Submit