e3970d88150a54ec167d5e5880ccede74874e5afed0d163b535df40ce73a9055

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2025, 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_32541e819a804db77fbce809c0a82ba8.html
Size

80KB
MD5

32541e819a804db77fbce809c0a82ba8
SHA1

ce5b8f1be3972ba0e3fbea7ee783b12f4ca2188f
SHA256

e3970d88150a54ec167d5e5880ccede74874e5afed0d163b535df40ce73a9055
SHA512

9f11615fefdda8123e72b02f119a69cb7406d5cb40695c3c499f542283741aca3fcab68bf86926a5783170cd98e52f90ccc43c71c6df9e5df4f82f05d3c2878c
SSDEEP

1536:CJAx8mRktlodoh2vy+odoh1GOZC6tMCscWd:CWOlodoh2vy+odoh1GOZC6tMCscWd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3880	msedge.exe
3880	msedge.exe
1192	msedge.exe
1192	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe
1192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 4980	1192	msedge.exe	85
PID 1192 wrote to memory of 4980	1192	msedge.exe	85
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 1484	1192	msedge.exe	86
PID 1192 wrote to memory of 3880	1192	msedge.exe	87
PID 1192 wrote to memory of 3880	1192	msedge.exe	87
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88
PID 1192 wrote to memory of 2640	1192	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_32541e819a804db77fbce809c0a82ba8.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff984a646f8,0x7ff984a64708,0x7ff984a64718
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4916563652285566512,2129047692542135504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4916563652285566512,2129047692542135504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4916563652285566512,2129047692542135504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4916563652285566512,2129047692542135504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4916563652285566512,2129047692542135504,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4916563652285566512,2129047692542135504,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
973B

MD5
a94909f80001e6943af8c10e5978f83e

SHA1
2176a87a7a85c579b73e1d876a00a7b7b3a32a1c

SHA256
8c57a4aed75b99b298c75c4424db1b48c38c635dc025768a103e1b75147ff6ef

SHA512
596a0491e44771009ec5b55c2d0ccc315df16b4030eabe7626738e8f6fc43e250f758ecd1b0907dd8f5492dc9f2efea024eb5815cf232a7f2f011057a09bcfd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
942B

MD5
0fbf5fd8517c938f53db359df098c5a4

SHA1
18e40e585815fd7ac8a27418b9ad2b38aaa572cc

SHA256
05ea4ee7df7a2e751471cdfc1eb1746deebe07bdceb7f6dfdd77747a579aef41

SHA512
87d77470ba17d910474c97564be424fc59b54e5ec9f4c335798139537e166a1b5b8ec53971f2e7a17e5bfac7233117d1e481fd8ece89d71bd196b0cb9470d5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aca945acad087d04267f96667e5087de

SHA1
9051b1512006924cd612aac3f23fd23b1733ac32

SHA256
4614602b4a89b0d38973a46542c7100d27d4c15f1a5c80baf9e42e9527c53a77

SHA512
ee75f555c21d6226d60489b5999039c96b927b3f91dd9cd9c32f350cf38da9b643ce2c26ae0fe03e323105bef7fb984eadeca255ddacc9b081bece80e0ef31e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a139ecc501ab503943774111ceae7043

SHA1
1df5b5188566ac5cfefaa9945e1dbc00742274f3

SHA256
fdd1a89d5f5a31192fa00a1d6a0d38a229693f004708d03eeafbbc46c6384159

SHA512
62334b07a6f58d5c498d60a8e0bd09381e03ff227170a1d693211995f6df77c867b4355a4f7b31f1a1cb02be03d4aa32dbbc7b7046d42544ee2bf15d8b6a0e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85844b58f4e8637ad150df038af72334

SHA1
83b80e70d2e352d094f4918dfaafcb49666ba9ef

SHA256
5034df819fc460a931861be6c348e77704ede7897d30f518c67444d81aaf765f

SHA512
7054751bd5c2d903fe07d1e67a5b2b45d8b0abb72246d52255489e6c1d6f18ff12c381f0c78ebe5093ecf178f4ae6e6f3c241ad19f0cd712568a0bcb0e2cb791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9348d57e4a565fcc33bbaaf5fecaa5b8

SHA1
7a5df61a44e1d87e7b3d370956b2c346873ea9d0

SHA256
23d277dfcb0a936fbcb8bdd5e0b68b32eefc98d46227c34538805ba5c304fc0b

SHA512
4ee067f4d91ab8bc0ab1b646b8cbdf73c041cdcc22a0ca2d4e0bb26a44618c3ec6a5b4411964ed30dc127555307745dff4b732934c62e069021acd93da3ceeef

Download Submit