9e2e2079847e47a315ae818af87fd3ec2f7f5af6b00ae23f897ec99e71f2cd93

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2025 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_ce41deec7bc34210bfca75e10ac00fe0.html
Size

73KB
MD5

ce41deec7bc34210bfca75e10ac00fe0
SHA1

2dfbacb7a56aba35f89daf736ad547a405582b9d
SHA256

9e2e2079847e47a315ae818af87fd3ec2f7f5af6b00ae23f897ec99e71f2cd93
SHA512

0834fa5a3b2797db2b49855dcad44433346a73ed76520b8e516a3e38244e71579ff7f25c7b08893867385ecfa00885a0a832e2e1874209084c16d8cda550a72c
SSDEEP

1536:nB7tbmyo1AaVdyMj6y+UQaKMKpnuodThpECVq3FDq/lhGlH2yec:nBZWKaVcby+U1IuodThmCQVDqdhGlH2q

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
880	msedge.exe
880	msedge.exe
4596	msedge.exe
4596	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 2396	4596	msedge.exe	83
PID 4596 wrote to memory of 2396	4596	msedge.exe	83
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 392	4596	msedge.exe	84
PID 4596 wrote to memory of 880	4596	msedge.exe	85
PID 4596 wrote to memory of 880	4596	msedge.exe	85
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86
PID 4596 wrote to memory of 2504	4596	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_ce41deec7bc34210bfca75e10ac00fe0.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff84a846f8,0x7fff84a84708,0x7fff84a84718
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,5198787013815967590,7797553994347836516,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9ea7944ca45237212e47389affb6a9bb

SHA1
410063b7fa077e3d4b75f64bf02eb2a4aaf11312

SHA256
6129cc6e9fc896542f0270a56624d8b7f22c1023407d4476b7fed1dc185c3436

SHA512
99d08996a503769490ee41e60d094e1253ff12a0ae854d23cb4365b3e74d9098b731b570847acd86f74af38fd42e74451ee0cc31fcb987704de2d4b61632bc05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
63601ed8eb41f2d393014cb43442c940

SHA1
05285dc29fc8ef30420e267ab56dc200f1eb4c13

SHA256
069d5d50279ee60da8f00a55b637cd7cfdf8dc2aecd9230e892ec187f6bd1447

SHA512
517b613755e6c03202f644b2dc05a53a5457c51fb292320bd68605a8e6652f0d39b621a6c32479c81f22ae51f720fdb85c35a77386ee28d11b451493e95dc5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
051d408d5dea881286396e9d12f6e373

SHA1
7685135ba5e7884d7bdb6f9e8cfba3d2c4d2f488

SHA256
d6b235402dd89b59a1bb9a8606a13588416cb6054ef103a20219f0cb7442a413

SHA512
2839da78ed2729bafbcca9eb9b24a054a452bdebcb3e8eb8d7968e8f5b15c0b8257288e133498d98b53388cc1799408fbe6e1a9aa8ebe47688983f51caefa7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
92a0fac7e2deb0e2b7538c6ed9cf20a7

SHA1
192b9a12e3623dac8440f40ec33c27fe1a4930a4

SHA256
df50727bcb71fde7b7271ba2b1fd9e49fe0daf5aa3c87c4985d09045cbcfd5ff

SHA512
b1697690eb9316d8d78afb7019fdfe99f224ffc834409cf46a19bedd0b7b1ff01517476be81ad40ad2c2f361eb423c9476343f2a3c399864624f6705fef993d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8511ea86a58d06e2b0d6951f3cb2044f

SHA1
8ed9c431242fd2ac20512798f9c18393e590292f

SHA256
5ed4ae160115d1d308363432a120cd31b856f472873dae96b381ffd4b6af61e8

SHA512
e4638fc2dd8f4d6cb8e8528201795ca3643ac5977de38944bfbac8c6646f444f4e48c5835c45d48321b07b6d940d1306a561505402e0fbac4ed9b9b0965395a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
24f8e4cfcaa0c8d94b654ead2f86b57d

SHA1
4689cc9c2ca191db4d1c7ad3951e53675850f159

SHA256
010c369fabf1fc96a4482afda98193eacecc92b85ea286ba2f3f2d9f6d407451

SHA512
3e6b417b4f0254a3f79cd938c4549c9d2875c599f47eca904334f60334d36430e3c91fcafaac010ee55f117bfc0f8b5fad7cc0db34a3bb9a1d392f0ca8316768

Download Submit