4c84b07458f4ca190ddd816056ff800f66dfea23d967064199be7b0632caf12a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e2d84b0bc0279a32bb602b8082b7f8a6.html
Size

57KB
MD5

e2d84b0bc0279a32bb602b8082b7f8a6
SHA1

d60c8617699fd35178e8d32bb003cd18003bfc8b
SHA256

4c84b07458f4ca190ddd816056ff800f66dfea23d967064199be7b0632caf12a
SHA512

e6319bdcc16c4da52c8041a09474ba742b93217dc532aa4f62a2baa211b1de554057e0239b2fc7bbacae19833e88757c26e36dd4b2a043bdcc2bad2223862dd0
SSDEEP

1536:ijEQvK8OPHdFAeo2vgyHJv0owbd6zKD6CDK2RVro1zwpDK2RVy:ijnOPHdFa2vgyHJutDK2RVro1zwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
5072	msedge.exe
5072	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 4744	5072	msedge.exe	82
PID 5072 wrote to memory of 4744	5072	msedge.exe	82
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 4544	5072	msedge.exe	83
PID 5072 wrote to memory of 3640	5072	msedge.exe	84
PID 5072 wrote to memory of 3640	5072	msedge.exe	84
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85
PID 5072 wrote to memory of 1388	5072	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2d84b0bc0279a32bb602b8082b7f8a6.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb89746f8,0x7ffbb8974708,0x7ffbb8974718
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18333256110767439593,11489127466081039745,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,18333256110767439593,11489127466081039745,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,18333256110767439593,11489127466081039745,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18333256110767439593,11489127466081039745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18333256110767439593,11489127466081039745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18333256110767439593,11489127466081039745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,18333256110767439593,11489127466081039745,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,18333256110767439593,11489127466081039745,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2648 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
7d2ed542fd5f2eab60e781ed8b9e1cc2

SHA1
078f855d94dbc3c72d3f4a254a18542631faddd2

SHA256
b634103f99807c621f83ca3ca865420b30fbaee5c922ef6a7385457070af07d7

SHA512
02725e850b6551002a5ed5424c811214df5a67674fbaea698001b462e53d15fd78d9d1714a33cd44082ce1594d2701fa16bd5d6f2d3c13ef0261c62f37f926fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
39d5f340c32287dc9d0632a96469a512

SHA1
e022f15ff0c9bcef5691dfe9dde37a9b69df1568

SHA256
8737e2c74daec55642eb18e78ffe32148970d6fdfa1774900c25b1eb1870e6ed

SHA512
5ddd34b7d8ef566cacb06f212a6a8d6007b07f7e38ea8fc443d6b88f1aaa199f4232085a942df5ed671863b2fca54b39b649d9439a19b4b943659501228b15e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f16c710bea156d61032408f8bf491caa

SHA1
a1a8fdcbcfd1ed8e3bd8f45a7879f98b63dbbb25

SHA256
a76d0e8cc342f82d7fe1cfca063fbf1d6d5b2c4c4413ab2680e97205153b182d

SHA512
1dae878f4ce2aa1368d8f766e493485a52e2b47ee273e0c88ad63af841a9f7f9a03566c2e052a0293de930db1b17026d23eeaa7559f6e2290f0ade1d956fb35f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
048bbffb2c54e6865ce8854c8331b861

SHA1
863733fd0973f5de1d098065f23da1fd49fc4945

SHA256
ee5aab6b7820a425521ce876edd1f992026bc2fd4f08752f48e339b58329dc2f

SHA512
fd10807538c54f3a6958d1f733129d9ea084ed9df34dff00250eb0b6d7bd1a54d4cbe19c04dd236ad0bed47ce634f310bc53a6f73a901f19e2dabc3aa755bd35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eeb361a1270dced136525e78f4c144e6

SHA1
bf7c74063d021b7ebf5cda8a75cde3d1569a2fdb

SHA256
1c55ab7a1ecf0fe3a2d0bb1e5a47cf7846a2c2e95a514b77ade315dbbd61b4d8

SHA512
c65950c6cc2b1d008f7eee365be214136c0593eedc9b4d17799a2dc38d0e09a5af6254dd0a2408948b954f233fb7dba654b367971eca41ab7235eb948c6fedcd

Download Submit