a42318c9a1ab048a60671c800c5e378043d0f1d250c2c01fc6aa8ee88a0a28bf

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2025 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a74efc03ba79b82ddda9dc69ff632fdb.html
Size

152KB
MD5

a74efc03ba79b82ddda9dc69ff632fdb
SHA1

c00321b8c49ff9ace1b0d0cf441a81572cbf2670
SHA256

a42318c9a1ab048a60671c800c5e378043d0f1d250c2c01fc6aa8ee88a0a28bf
SHA512

064102cb55b813450379fd015f8d4bf9d7106c11fa4f3c34c4096759107e95e8c23c1f5dbca375c8f58440519bdcf8c2d9b274b9d7b698123c5b5b600802a279
SSDEEP

3072:1t2iEw026YMGSXnVv+Zz+IU+wP+6PdNSgodvhqX19gN3ho2:b2iEw02l2+p+b+6+Wfu

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3136	msedge.exe
3136	msedge.exe
4740	msedge.exe
4740	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe
1756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe
4740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 1360	4740	msedge.exe	82
PID 4740 wrote to memory of 1360	4740	msedge.exe	82
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 4696	4740	msedge.exe	83
PID 4740 wrote to memory of 3136	4740	msedge.exe	84
PID 4740 wrote to memory of 3136	4740	msedge.exe	84
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85
PID 4740 wrote to memory of 3620	4740	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a74efc03ba79b82ddda9dc69ff632fdb.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b00e46f8,0x7ff9b00e4708,0x7ff9b00e4718
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,2061142890912878205,10554345687653261209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,2061142890912878205,10554345687653261209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,2061142890912878205,10554345687653261209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2061142890912878205,10554345687653261209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2061142890912878205,10554345687653261209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,2061142890912878205,10554345687653261209,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
15738a944961561dee6277ae190f6475

SHA1
e0ffe92b4f4fe5fc4bc874d555e6d0aa108f3dbe

SHA256
8e4f5547d197957db330fff255ccaf8fd2e9cf30d373000debcb4e3393b200ff

SHA512
53185a7717c81ab7d91e1a339c75dc42ce819b10155dc129bd027ec7591c4d56674038fd5d71a4029090e3f25e6e5d805b7e441e44cc44516c2bfe587c65c165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
574873d71e81f04a8503e17e21cf53cf

SHA1
0a20dc8462849c625d4beff79b91d4ac7515a5c3

SHA256
a15d0225d36cbd82e10de18be865c1fbbd902d46e85bb6170d779668c644b76b

SHA512
1261fb2a54171f39db74a60cf12767b21a3bb2c87fcf240d9ee70aac8f4749de1ee9223505473785ac2ae553681b54586f601e43430a877f98cc82de963a43cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52e7acc3668fc711cd96fc8a17c53ca8

SHA1
723d1f68ee18d837e2180694230b5ea8243d3069

SHA256
884725683cf5c23e6367b4374089f6a210d62b3b06535c2945eecec5e240a430

SHA512
e32c52433d082b3ea62f8ca890f2b040d856569f0594579ebbf690f55b9614544ed764c062382329fe093647337efc8e940c43327446f2eeb8209bd9b04f14d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae0f490043ccdea3de87c5d136a9ce77

SHA1
6f1b2829cbfb2b3e143d67c482adae609f0eb01e

SHA256
b66d0fbe6f34bf53f9c3e65f82a723781ce16e271d515f77da87f982af474a8c

SHA512
59cfa5b071576956ebb4e2a5abb830d3ccfd6aada142dd9fd2cdd25ef14b8e3d189a495b05795447f7eb3207140a494f16f7eed9f7efc3ad488a3ec176761fd6

Download Submit