aff0d942a2551fbbe90ae970a70e3bba052a3b5b8f8c516970f2c41d974781f3

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-01-2025 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_69cd3ee0c92cd18cf5767022af1a6c1b.html
Size

101KB
MD5

69cd3ee0c92cd18cf5767022af1a6c1b
SHA1

f8cda75f7e07396f8be9ef272dc1701b83870da0
SHA256

aff0d942a2551fbbe90ae970a70e3bba052a3b5b8f8c516970f2c41d974781f3
SHA512

f5ac81910fb9190fefd2d54b9c08a991b5d5169d9d525b3ebb886c122052c89849b5a41bcccd4ae784f4f31d309d006e31153e1ff576a2a2ab67d70de8aa7090
SSDEEP

3072:P249sH2TADQLm9DkpcQzAi+NNuI/dtAKod5h90od5h0sm9DRJTelnpey:P/9sH2Ugm9DkpUi+XLsm9DwnT

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1144	msedge.exe
1144	msedge.exe
3388	msedge.exe
3388	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3388 wrote to memory of 1148	3388	msedge.exe	82
PID 3388 wrote to memory of 1148	3388	msedge.exe	82
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1516	3388	msedge.exe	83
PID 3388 wrote to memory of 1144	3388	msedge.exe	84
PID 3388 wrote to memory of 1144	3388	msedge.exe	84
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85
PID 3388 wrote to memory of 1816	3388	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_69cd3ee0c92cd18cf5767022af1a6c1b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd56ce46f8,0x7ffd56ce4708,0x7ffd56ce4718
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14405317221268510489,634030669001844913,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14405317221268510489,634030669001844913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14405317221268510489,634030669001844913,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14405317221268510489,634030669001844913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14405317221268510489,634030669001844913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14405317221268510489,634030669001844913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14405317221268510489,634030669001844913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14405317221268510489,634030669001844913,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
ec3d2266348448c333f13cedb8771f5f

SHA1
2045c4b3a98ade82bb7da931308a44f64a283c97

SHA256
58881907fa330ea2c06a66457156d4d18dc305bcb296947987aaad074aa69098

SHA512
ee6c72ea6916239c9c9c38d531eafeaddee949197a0fded47b74b1bff37dd067cf43782ff7486113ec3deb8497abf6dcb508c9123512de4eacc046827997178e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
39da7350168fa081e21ba5742fc6d385

SHA1
0e6da5dfa201ed9293e8c1a350d55653d72ed27c

SHA256
715495a32e97b753e5c945d575d3d54dad2895fa35b1cda9bd087be405586c7f

SHA512
395a07792139026b86c4d63e13bdd1c9ad2f2eaaae7ad9ba90477cf340341be1f6d778f775b2d2a4efa03d515f57f27835bcddeff459ebd9ff9a6ff1af91fbf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67d09e8e05d6d82f80b77b6ed604e1f5

SHA1
46c2b094d5e2975c115f13b19651e0baefeb0bc2

SHA256
69691c11c7bbc843c5f1b76af4e0b2686139950cca61d51c4a47301e6f928136

SHA512
74e92d7f8d32a25591dc07cedde241c50e0e3c02065bc912225cfd0d4bd4dd231ee63c75d29b676740c4f402e490c79b561e512065806d71ff66eefae0aaa9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6fe9432d76f61e02bdac2c5007ae1fd8

SHA1
1623c1682a32723c5c1356a6e3a19a58c888de4b

SHA256
fde2de2623dd84d50eb52f87c54f8a8933486aea42cb77598ba8c385d3df21fd

SHA512
4b34f90e67991a4a69562d1ac40951efa407605df2a5fa50f6821c4b7baec9dc463c951c2297da5358c8ba39f180291f4fb271ffcf8f34d50f56e84358622849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f6947477688b590a4d4da3de9d18abe9

SHA1
8b234f22ad82879b312af6e31a534f51e5252c5c

SHA256
7e94d78c0e84f6f20911a94ecf7361d05cb2c7281210bb07b775f105ca30760e

SHA512
55eca48a642df3346d54e3aacc722672bad7fccb77257d300a22f01b01263b8b1f6e0ee72d90b8b8dc8a2b776ba07232551f567a8a72dd17472e043cb60ab111

Download Submit