adbc941c346bc80ccd3f5f524e4409670b46c672fda17c1323e7914e4f2aa126

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2025 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9e4f72a2fd9eb6e1e34f4baf7b32187d.html
Size

146KB
MD5

9e4f72a2fd9eb6e1e34f4baf7b32187d
SHA1

4a89fe8a712e12c2deef06c5424abef13ccccc4a
SHA256

adbc941c346bc80ccd3f5f524e4409670b46c672fda17c1323e7914e4f2aa126
SHA512

8bb9700c881011da589347fabd2cd3bf018a9bd1b9c073269ca43d2ad0e95c8b7d2eff7bf644ba78ab454e2f364d25f00a47712afea60acbe1c7554d2b6fc635
SSDEEP

1536:upUJEEJXFfGi8r8CDrnDD9BVZfkj/f5w4w+iL:up2JXRq8CDrnfVZfL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
4884	msedge.exe
4884	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 4836	4884	msedge.exe	83
PID 4884 wrote to memory of 4836	4884	msedge.exe	83
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 4496	4884	msedge.exe	84
PID 4884 wrote to memory of 5088	4884	msedge.exe	85
PID 4884 wrote to memory of 5088	4884	msedge.exe	85
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86
PID 4884 wrote to memory of 1456	4884	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9e4f72a2fd9eb6e1e34f4baf7b32187d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5c746f8,0x7ffae5c74708,0x7ffae5c74718
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,10437630130553919263,10453192255669219351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,10437630130553919263,10453192255669219351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,10437630130553919263,10453192255669219351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10437630130553919263,10453192255669219351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10437630130553919263,10453192255669219351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,10437630130553919263,10453192255669219351,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1ded28673e1bc2da2de500fa3e74ef9d

SHA1
bd123a1b73ab198b65e96e9dfda78ceec7f151cf

SHA256
4c509dfab642e8758d49e6aa149b05324e7d03485f77c1210b1ccdf6abc69122

SHA512
6e9b9e224b4d5ad1b7a2e19b195eebf04660f55bbdaeda6e452f2c82c735608399a89c20f3ccdb87f50d9b4562d04235efded7f1f1041604d90e40b5701d66f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7e5a5a21f3b36cd578d2248ecded8fb6

SHA1
d31e75a3b0226159a41c55236a1901894de2ebdb

SHA256
8db9f53914dba858bcb6722d3828ab27c5b3ba555d3de86a1988eae6c235f334

SHA512
26c96f9500feb78e0bb28e43c02210656a8cb9dbcdfa75246da2e7b8b97f0eef067ec47442c84cb68fe26655022a412a69ab3c78c810fd0dbfded70cca9a425e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84537e0bbcd335cf2b6d77114b2b9bff

SHA1
539732bc695a8d8e76861dd0d07ae1e3db69dafa

SHA256
3a1b623473ee42ab1ffab0d6d7da0e52e4d1ea523243bd0c71e2fd74b7636cb2

SHA512
bc2b8f3062ecd23988eb3068c3fea5a181519e8b68a2e56211d82f23106b318e5a4ab8312dfb33f45d805652b9602aa689601bfdca51c16eaa2d152ad1481f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
30d0d4e7675e2d38f487ba5e70af4d3a

SHA1
1ebd8211ce2d3f9f54594bbcea6f4e05100c55c3

SHA256
ac9e39b806c1d3ac665af19710f85e3e0d96ae7396327c4015ba0de60c9bb526

SHA512
0ece864ddbfd4e7a2b4f2ad1e4530c1bafee5967ee74a3080902e1541e0e6e248e255525d452a6082242b59ef9e161ccce9cc19106f9fc496dd450671190f574

Download Submit