a94aabb035f9de146568809e40550d3a1f121fd12ff00b86f9d4b0d0bf95ece7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2025 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_3097f2443ace65a1186eeafcd27f150b.html
Size

48KB
MD5

3097f2443ace65a1186eeafcd27f150b
SHA1

e61c022df0274638524dd5fe45e437e3b8310647
SHA256

a94aabb035f9de146568809e40550d3a1f121fd12ff00b86f9d4b0d0bf95ece7
SHA512

74eb3098fcb8b7fcd2b37903fd233337753879f60a5e60d4b760d63c3ccb8f15d673b9ec234baf89c0a7800d69d965013b849724a4beead098c0da6c742ad176
SSDEEP

1536:ptUtUKuIMkUn2WwUAUUU0UY2B+UuUuUDUFU8QU5UU2UQU2UzU2UwUFUOU+UnUDU8:PUtUKuIpU21UAUUU0UY2B+UuUuUDUFUD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
3568	msedge.exe
3568	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3568 wrote to memory of 4404	3568	msedge.exe	82
PID 3568 wrote to memory of 4404	3568	msedge.exe	82
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 1656	3568	msedge.exe	83
PID 3568 wrote to memory of 4716	3568	msedge.exe	84
PID 3568 wrote to memory of 4716	3568	msedge.exe	84
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85
PID 3568 wrote to memory of 5016	3568	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_3097f2443ace65a1186eeafcd27f150b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfcd946f8,0x7ffcfcd94708,0x7ffcfcd94718
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2035657955508872857,10231061577228519183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2035657955508872857,10231061577228519183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2035657955508872857,10231061577228519183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2035657955508872857,10231061577228519183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2035657955508872857,10231061577228519183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2035657955508872857,10231061577228519183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2035657955508872857,10231061577228519183,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2035657955508872857,10231061577228519183,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
465B

MD5
83017163a44404153fa5438908751115

SHA1
f6e51833ff4a967a7ab582ad878b66dcc8f25f9f

SHA256
a89ccc1de560e20af93aed65fb944b6917feaa94730cfdd1b2d84f3572396f07

SHA512
8102cb270ffdd4d1557b0a9ee65fa9abb795bc3f443c80489b597b371cc9929751888063d853f305255e8b0b1715458828bf45660e6996420480a205359d08eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e91d73b934ac5f07d366e0be80b72c34

SHA1
47d168f8489d660b66ac028e13286b1a75dfedfc

SHA256
02889a51cdcd85a3114a4e783b7fc200522b264d80dde531b145ceec4c022097

SHA512
c62700daefc212bdbc9d0a9e16a43e1fd0d268b8fbee86a6d8ab1618d6d0f8fd37533d3dd992e3fc4ef9d72fe5d590b9acc6c86897ba1c6b6dc4c6acef0164d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a30bdc1c24ab7fb08cd8c3a09f0947be

SHA1
bb6c793227bc8f472151188ee2f6dd993a3ce2dc

SHA256
8319af876ce5a5b8eb87d570e24130bbd09c1d07d5d1cf3675fb0f4478a957e5

SHA512
04eb080fa63d53a5c2d55987768da77ee6632c92f904b8a9be81a0d196a8888bcbb6c63ec98fad1d7aedb52563da62f332febdd90aa6e0468c509e8c6fb595f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cad41557cc6d9b7971e0d72fb2b3a59d

SHA1
2159b2a6a9baec6ac0f9d244a9674e3b35c04dbf

SHA256
2ac27666d5f14673d9e7cd96ff14b69eb70a4a234e162198cfc6d3b17e2e500d

SHA512
7fa459ab8fd22550c4254d2fa7c647a3df27e9fa58460334605005409513d06dd7f9b120a2a453c72d132cec03efcaaa63dd755915d080945b7e6832bb1fdc7a

Download Submit