0c0cb3ddec6fe2888fe0f28c2a1c3803721186392792041deea249da92804b0b

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2025 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1cb632d222e5426f5c986f52624d5afb.html
Size

48KB
MD5

1cb632d222e5426f5c986f52624d5afb
SHA1

9578672cd234e5bab071015864f23946b760e3cf
SHA256

0c0cb3ddec6fe2888fe0f28c2a1c3803721186392792041deea249da92804b0b
SHA512

8631828f17e9f894c80828760983b31bdbdd8bfd33b23dc664f7100e3579205bcb06c3411453be11633a218bd639d041da9fdf14297199ddb6349bdc4a079cb7
SSDEEP

1536:ptUtUKuIMkUn2WwUAUUU0UY2B+UuUuUDUFU8QU5UU2UQU2UzU2UwUFUOU+UnUDUG:PUtUKuIpU21UAUUU0UY2B+UuUuUDUFUP

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
212	msedge.exe
212	msedge.exe
4536	msedge.exe
4536	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 5072	4536	msedge.exe	82
PID 4536 wrote to memory of 5072	4536	msedge.exe	82
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 2208	4536	msedge.exe	83
PID 4536 wrote to memory of 212	4536	msedge.exe	84
PID 4536 wrote to memory of 212	4536	msedge.exe	84
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85
PID 4536 wrote to memory of 1800	4536	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1cb632d222e5426f5c986f52624d5afb.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff0e946f8,0x7ffff0e94708,0x7ffff0e94718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6900568698912525519,7719100382753600511,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6900568698912525519,7719100382753600511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6900568698912525519,7719100382753600511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6900568698912525519,7719100382753600511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6900568698912525519,7719100382753600511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6900568698912525519,7719100382753600511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6900568698912525519,7719100382753600511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6900568698912525519,7719100382753600511,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
465B

MD5
afc8a5d029c64577fb85e93a262755e2

SHA1
dd5d87d85d15fc9a207893c20e9bd7e1a7741049

SHA256
841048b7ed6c4e228341d4b54b7544ac7a904faba12332a9d813ac815a56ef13

SHA512
50d3fe0e51b1aaa0c50e655148ef2d1b391fcb145706c6a07477b9953e89b3de272c818107aa7610c40adc3e90f0eb1cf92e2746c0a94fc4d274a6662f63ee9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
576af5caf11651b3e01ccdc0b02c1b6c

SHA1
1c8c13eb378267b79f7d44ffb6c12cf135e417c0

SHA256
55e2c41e6dbb050faa930c853c41a42e1575e23bdb864e398794ebe3562cfda9

SHA512
2089807b8e738156dde1f1e7dac040fe216d384b75a64c3245716360ff83c3190b575c0fa58a031e739ccab54b288a1b52f1eeaacd27aba6ec34f2a25fab1b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a181595b9b40f980b2a355e20bf1568

SHA1
31ba6d16a595cfbf2ce962ef8aaee12a3cfa6d79

SHA256
4134c3357c81f8f1fb8da24b43d3b0771362f0c35a0b4d98701d39748e53b83a

SHA512
0a6cda1144243e288b97e4eb0d5c0e1a7b55be197c1d012916a56f3d20d1ec4729469a910cd8329adc65bc901cc3a12fb680208c9fd2278e86742b16e27e8968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c88ad20f9219afd1c607aae88f891978

SHA1
1af239eac212c3035cb50993401ea8ea537f0955

SHA256
67ad2635cf1d204848ad956d33802029cf7cfd3fbc4d82b33713020014b39f42

SHA512
1394a0dabef1d596e4bb5af9b8d1376a30f8dbd5512ef94e24c805cb23fe4997c975d5bde65b89d8a103b2dbbc2ce05f436e97e6d1804efb86e1f2b5e4c65ffd

Download Submit