4cf73f0d8d743135a43af2ed1d7bd621cd5e983336125b15cdb697a3651be1a1

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-01-2025 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e6e661510efed9020d62449f2ea27091.html
Size

110KB
MD5

e6e661510efed9020d62449f2ea27091
SHA1

09ec25204dd054295495221e9bd5203e3fb25e6b
SHA256

4cf73f0d8d743135a43af2ed1d7bd621cd5e983336125b15cdb697a3651be1a1
SHA512

9a2942561ea7dfb25b4a7eedc2d4134f8539e0435e84d7bf60c0d6872a89a4598e5a6fba1a90fb5a16a7d8b64d3e17decfc6c35d02a9dc5886d3a880ff2a7cd2
SSDEEP

1536:c3PkpoYtRBUlO7nrzqVAn6bqhkr12iS/j4GLIE2IyoF:c3PkpoWLjnrzqVAn6bqhkVAooF

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5076	msedge.exe
5076	msedge.exe
4300	msedge.exe
4300	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 3932	4300	msedge.exe	83
PID 4300 wrote to memory of 3932	4300	msedge.exe	83
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 844	4300	msedge.exe	84
PID 4300 wrote to memory of 5076	4300	msedge.exe	85
PID 4300 wrote to memory of 5076	4300	msedge.exe	85
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86
PID 4300 wrote to memory of 3000	4300	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e6e661510efed9020d62449f2ea27091.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe9e246f8,0x7fffe9e24708,0x7fffe9e24718
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,483318644877594309,3870321655359048323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,483318644877594309,3870321655359048323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,483318644877594309,3870321655359048323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,483318644877594309,3870321655359048323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,483318644877594309,3870321655359048323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,483318644877594309,3870321655359048323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,483318644877594309,3870321655359048323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,483318644877594309,3870321655359048323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
524B

MD5
6d44a3f579c8a326e2795d22f00a0aed

SHA1
2222c486f297fe9d1e20b5dedbb454f30e3f610a

SHA256
9e7e3a6ececf183cfc0875ecdd1ed0601d9512e0789537341e4ed3b243b38013

SHA512
25dae22b58ab45186af9a6978df72ef2b211fea16fc0932688663904d27233ae46df9d85d737e1e2c63d6af648804067f0be0ee3bd0d8d7a53f7061999a8e4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5fa68fcf9fbc8c82387e0401128c7bee

SHA1
d6f81910640b146c9409d529a07659e8b4408714

SHA256
cc2c7a50ac6202c590141cca57eecc5da2c75b9b7a4d306860f129ba243fdd7e

SHA512
545ec179ae19e5850b629b0350e0d07f76c681a738fac0a7b7dcac71d4cacd36b5c6261e073ad61696d45284bf677ab605eaebed035fdc8c4cde7c4dd5e06e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c5813b36f6afbe0f8f14edebb80ca1bc

SHA1
a51b199d7e88b6756377f926e8b99ae239db1f95

SHA256
1605ae00dc9258801ddc21923057fa2f1103bf4c40a729fe8f6b7fbf31beb0dd

SHA512
9c1b001ca046199601c500022bb15d500c20c8231856fa4d26e2f0aa8e04a0906899f656c4dbe2f71140709672a5428823c4f07bc43a9f3714bd104573c8af5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
28be64a4e18e53c3e6d9afadbe644cdf

SHA1
f8edc4a66b1284d12ae1d4d231eeecfdcffc4197

SHA256
f870d48f6b69522b86ef9a75748dc1d13ff1e92e4c1607056987185b032ceb7a

SHA512
080d08624d2cb2d045d1b4dca7813e8b6aab56968fb82232088506a8dea335e580e5749960b6dd466eb6289786d25d605d39e09ce5b6983289801527b21d5f5e

Download Submit