0ea825c0acb3a19a5b452d63afb4820af2323a08d43031e6759524b879c1b3f5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2025 03:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_13343d50088651ef31cbf22ac1de7513.html
Size

121KB
MD5

13343d50088651ef31cbf22ac1de7513
SHA1

061b54d31e1b1cf0bd80e18d752892748fe56736
SHA256

0ea825c0acb3a19a5b452d63afb4820af2323a08d43031e6759524b879c1b3f5
SHA512

08410bb90118776f557f0680659f3470b7ddcd72207079e2623d3cf1fb45af83243e1ef9266b7d663e6c3b55e63782914bdf7e03d11db8f8943c55bdc8534111
SSDEEP

768:/BOJEXyCeEZWCv6kdAqufZnVVZfC6muQPaEDLfDfF7ws9+w+iy4:/kJECCeEZWCpqnVVZfC6M9f5w9w+ih

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4292	msedge.exe
4292	msedge.exe
3580	msedge.exe
3580	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 2728	3580	msedge.exe	83
PID 3580 wrote to memory of 2728	3580	msedge.exe	83
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4332	3580	msedge.exe	84
PID 3580 wrote to memory of 4292	3580	msedge.exe	85
PID 3580 wrote to memory of 4292	3580	msedge.exe	85
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86
PID 3580 wrote to memory of 4868	3580	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_13343d50088651ef31cbf22ac1de7513.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9de8c46f8,0x7ff9de8c4708,0x7ff9de8c4718
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,12990535171107663554,8791134254558233368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2292,12990535171107663554,8791134254558233368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2292,12990535171107663554,8791134254558233368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,12990535171107663554,8791134254558233368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,12990535171107663554,8791134254558233368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,12990535171107663554,8791134254558233368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,12990535171107663554,8791134254558233368,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e87c8ff41e3e9259957736caa005ba05

SHA1
8b752a39247085f27237be97d325915e77112fa2

SHA256
a2962e9dde8fb0efb7ac84bd6f0bbde996ae37090100806228311b34d06ff76b

SHA512
f19ef3e47b4f9e26fd0ceca680a38ecbfcc8753dd2dc4f9844dd5eded984ece48550279aaf9c5a14c87cfc25ce1a83792a5fbf242184e931908fed60507f0826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a91a0ae0739a874c4947801ae61cd33

SHA1
f1e3a738e993022a2bc8d94cbbcc96de88d2ab72

SHA256
639dd232fe16f57ef12a1bc70f89ae2d0172bf5123e6f96d27ce93ff6a95f808

SHA512
f506882bcbc526048eaf437e84371ca9ca557b9ea7b672d76ec330e64f0dbbef47d9b1b340cee575cb110846f98672116863344d850605fc87405b1e18e3d13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7130466fa4ee6b34757e5eef7a0f4338

SHA1
a861aa96f84d9ab95e631c57480a23303ecc5669

SHA256
b1c9cf8567ad54dd329c69fe8b7ef3786774b4913b197dc345f59dca82db3348

SHA512
a1fab8aca7f3c5118c29b49e29f2447ffd7c52071cd971c00f888ca649d27ff7b33d244a5ad0d8d387a8b6ed050b4893e473978bc3abd06a87c197aee33c0322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
de1940fe3c83790c1d7eeb0888dbf6f1

SHA1
1a875f6a8977fbbc1f26e513c217fa301667a169

SHA256
41afcfbf10897defb113247d3fd931152c0085907d02d505c668630210caaad6

SHA512
cdf2de07a1466726676720c848be7e91d89277518c51b426929e552c920aeded470b4353bf8543b68822d2c5fb0f38adca2ca372691e90f69f3fec050ff51509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa2f.TMP

Filesize
707B

MD5
894dc38d664a3885f25f38e498aedc37

SHA1
6cde902cbab46acf59763a7fa0f60058807812a1

SHA256
e56be753b49c852954f7bc6d144f79ad15eb22621b9fb392edae580d874057b7

SHA512
cd34a947be0a11fb136d1aa3340bbcc4467f77996c663805b17ebdd4cb5e05d3a604cdb72c64eb4d8c14fc8335b633aa12ce3dfbfe24f5c181bed82547bca52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f089841e94a6f1d9ce9a601775ed4238

SHA1
0e36230589da96403391b5efa079105f870e7f18

SHA256
ed6e577f3297d67297daead4bb575f33c301d385806a8a65af5694ddcebf6189

SHA512
cf5bbba7893ae0aa91cb4763b07a01ae2b85e90c0c068f0771029815f5c91d169db1c3a6b901fe1ffedac267f5b8803080d40893eeef808adc784e0370585fcc

Download Submit