4cf309cd108b78f22ade9efe900e6391e8a509a98b11af2bd26afbb452e7568a

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2025 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_d3c978690fb6e3bee75285cb1b04d384.html
Size

87KB
MD5

d3c978690fb6e3bee75285cb1b04d384
SHA1

6cebf5a287863af4dbdbabdc0224711ec98c7f85
SHA256

4cf309cd108b78f22ade9efe900e6391e8a509a98b11af2bd26afbb452e7568a
SHA512

5209cac11e1f37190967a1019d653e3789543ae862f8fb46932706bbebfe1c8b1da77a611b87d692d83133cc2b95f1d44eaa02e220de18aecff166b610fad8e6
SSDEEP

768:wwP3Pk7oGxh3t/OmC0f13bI0IdTTR9gVVVW6kj4yUm0/Mq8xLIE2ItDcoF:T3Pk7oYtRBmTR9gVVVW6kj4mLIE2IyoF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
4296	msedge.exe
4296	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe
4968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 1476	4296	msedge.exe	83
PID 4296 wrote to memory of 1476	4296	msedge.exe	83
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 2564	4296	msedge.exe	84
PID 4296 wrote to memory of 3516	4296	msedge.exe	85
PID 4296 wrote to memory of 3516	4296	msedge.exe	85
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86
PID 4296 wrote to memory of 3540	4296	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d3c978690fb6e3bee75285cb1b04d384.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffb517b46f8,0x7ffb517b4708,0x7ffb517b4718
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4297136161834015515,7532891299847452579,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,4297136161834015515,7532891299847452579,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,4297136161834015515,7532891299847452579,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4297136161834015515,7532891299847452579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4297136161834015515,7532891299847452579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4297136161834015515,7532891299847452579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,4297136161834015515,7532891299847452579,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,4297136161834015515,7532891299847452579,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3416 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
524B

MD5
c8be4021fb723c506743cbfa0f889f6d

SHA1
d0dbfa65c76787ef36448a521ad07fe51afd7782

SHA256
6928a81f4330ef0fc955789d9438395940fb69a4418bb796bb8baa004f6cb731

SHA512
de87f640b7389eac0a815f9e6f04813908608aad877276a78e447955c72491a9e60459406165e9f6e241a112e8160e90710d56a29113c82c05c6f5d57271351a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c682ff3745c5a94df76fc520c016e543

SHA1
4b373172c2a9a6a9e13d0c47212d825c14d33df0

SHA256
1e5ed825046667dd577ef74cd42f3eddb8eef3e1c1b182eba7891cc376128926

SHA512
77a183d48463f28a28f9b7b795e42302d96571a63898e665675e942029ed06a07822b22215d1b4c8c13a38810ec54c7cb7638106c97e48077094cb2cdf727284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d89b1400298f9d1743f414c260ec82dd

SHA1
44d45e662cb2e1409c7d5f7e93e92eb08befc272

SHA256
bddffa129286cf1bc298a5c3ce739196a95522c7d0bc5c4bce866f8cd307a725

SHA512
4f580405f4384f6ba5c1b89e56a56929d4588e70e88b41472faaa2c015bf359af4274c51361579803e8a9616764801c05273f7e499c7d06af956ef124962e442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
784a2897ef02f5018cd287027b00dfbb

SHA1
431e764ad5d433269bb204120d9947da99e89982

SHA256
6728bbc2d89753fab57425b10c541205c8272fe64845f99ad272afe2bfcc97e1

SHA512
bcb667a9f6522650ebe31eb9f421965791c6de6b78e364a7f37bca05cd0c11e441cdbbda2b6f5cba2a4982e1c40f0e7e3a8aaf832249068c033688ff768a52ef

Download Submit