Overview

overview

3

Static

static

1

JaffaCakes...0.html

windows7-x64

3

JaffaCakes...0.html

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-01-2025 09:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_e25d896ddd17aab7e630ff79b1a5a1e0.html

  • Size

    142KB

  • MD5

    e25d896ddd17aab7e630ff79b1a5a1e0

  • SHA1

    72352b13ac724c0ecd8f00d190732bd56c95bd49

  • SHA256

    4e718cc64dd027768c8da76af559d18fad834de81a021a612e5b2225cc518f54

  • SHA512

    509bc26004ba019953aa51f35e6d26395add588c7161d7084950393d90ed3b228f9e4d5a43c887e117a84f0296036d5a4d80be8adc7cce98e0c3278ed1aeac6d

  • SSDEEP

    3072:tVGejtPUeUwIVGejtPUeUwMMKjxmjLZGDAMJJlzTPPA0ZLpfq8gMPhbi2zhkXe:tVGejtPUeUwIVGejtPUeUwM1iLZGDAMT

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e25d896ddd17aab7e630ff79b1a5a1e0.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8ec646f8,0x7ffd8ec64708,0x7ffd8ec64718
      2⤵
        PID:4744
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
        2⤵
          PID:3512
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3132
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
          2⤵
            PID:3464
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
            2⤵
              PID:4704
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:4772
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
                2⤵
                  PID:3700
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
                  2⤵
                    PID:508
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
                    2⤵
                      PID:2416
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4532
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
                      2⤵
                        PID:2788
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
                        2⤵
                          PID:4560
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
                          2⤵
                            PID:3148
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                            2⤵
                              PID:5064
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,13719286157382753997,8285692727355337383,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2848
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4992
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2656

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                fab8d8d865e33fe195732aa7dcb91c30

                                SHA1

                                2637e832f38acc70af3e511f5eba80fbd7461f2c

                                SHA256

                                1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

                                SHA512

                                39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                36988ca14952e1848e81a959880ea217

                                SHA1

                                a0482ef725657760502c2d1a5abe0bb37aebaadb

                                SHA256

                                d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

                                SHA512

                                d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                595B

                                MD5

                                1bf41acfb0d6354e4e96599f0064995c

                                SHA1

                                77ae3d82b32e3b25acfce04b9dec793c8e7aedb3

                                SHA256

                                ba52834fcdbaa5f665754aa42f2459db113f0c848e81ad9fb73ca7d33b79036d

                                SHA512

                                7a77a528f9809573d8d9fb704312d9d10116993c6bb0b6949a1ed7229b4f2e282d04df843d4d79abc39a42f119448cb143d9a59fadc4b638830f272909570c70

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                a5767246f577ec92eeaff68f3144c2b2

                                SHA1

                                83baedf24a0e2ecd66744fef3e1e9b62272a19fe

                                SHA256

                                d10505cbb81a35a6ebbeaad3940fd7ee56590e0ca3578abd76fc9921d389ddec

                                SHA512

                                cd8464ea91a6c643f47b88514a335424e028eb83074d1d96ee00b2d9b82997f2916c4a862c448d8f629ca9986b175eca1ef71f5406cb738a3515b09a94a2153b

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                542415e474f6b614082a02d4ac73152a

                                SHA1

                                3664963ab3e5af38e9c8eb880a18e65ae88e09e4

                                SHA256

                                a04b0a41729116201344aa0a21c0d7000aa3720383e1478df63ec4627b38ae9e

                                SHA512

                                b2a8e3dd78b2d85b5e409518645d423169168652d9fcb79e20237dc08f039028f9d665e12bc681e22469e9eb187691ab12d4edd7dd36b6334b6474795d40db02

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                8039859c4b178a7c82d579ade490504b

                                SHA1

                                0ce3d4a402f6ebd809b3435f18bd7c7d9d533667

                                SHA256

                                8e651b80700254cc326c99a42305b6fde13ce4ab88a07ec4c033f2623ca2c932

                                SHA512

                                c054b97dfddd8fc26795edf554ee2011b4c0c7e9c152c3d5fd8f3f9cf7f88cdc53986142b773545ee950d7908ea835008e85e628c4d3a390514c804bda24a6ef

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                b25e2004fce7b39870320e051c2bb12e

                                SHA1

                                29a46f885e565f3c2c74530f5861114f4be6b149

                                SHA256

                                d3266d4cc13b2c06360d8371938d25d57cd7630dab294a5df081bc3bae06a291

                                SHA512

                                59e34149ccd31f0679897654d0b91984ca3c573cf6d280eafc3e342bf48c778860285661023ab999a5d6e11cd1b1c7ff0691d861843dbdc05ebcaa2c95fb27c9

                                Download Submit