4d7d4e4364e00149ef2b96336488d25bcd2b21b7db9ff4c201553be90ed56157

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2025 14:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_363e83a90a006dd0b9aae25c1a85ee58.html
Size

207KB
MD5

363e83a90a006dd0b9aae25c1a85ee58
SHA1

059025a5c176d080eb1f26cb1bfb68ef66ffae77
SHA256

4d7d4e4364e00149ef2b96336488d25bcd2b21b7db9ff4c201553be90ed56157
SHA512

c5367462e7d72aab0ca948e989851abb966851d68b9894f65f9d9b26398cff111f89431b5f74f82dcc054682e9484737fe8e5a37ee454cb4274335fdae653a54
SSDEEP

3072:C5Olodoh2v+Oodoh7xZEYYa6v2Dm1G0rrGEV3ZHUPMC6tMbyc1d:CTbHYa6vGm1GyGEV3ZHUAg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4064	msedge.exe
4064	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe
4064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4064 wrote to memory of 696	4064	msedge.exe	82
PID 4064 wrote to memory of 696	4064	msedge.exe	82
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 904	4064	msedge.exe	83
PID 4064 wrote to memory of 4444	4064	msedge.exe	84
PID 4064 wrote to memory of 4444	4064	msedge.exe	84
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85
PID 4064 wrote to memory of 640	4064	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_363e83a90a006dd0b9aae25c1a85ee58.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbbcb46f8,0x7fffbbcb4708,0x7fffbbcb4718
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16382828192401032472,12086633703808197600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16382828192401032472,12086633703808197600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16382828192401032472,12086633703808197600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16382828192401032472,12086633703808197600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16382828192401032472,12086633703808197600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16382828192401032472,12086633703808197600,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
972B

MD5
bce7d5a2dc2285aa66b8ab04d24c346d

SHA1
9613ab79b6a9c96aff7219696087c169cc7a8603

SHA256
42525f59fbe19f64b457628b82aeb2e4511d4729475394a6ab267ceb97af02e3

SHA512
d751d50f389720fffd6e644fe3758a3dbe87683d240203f793b387a76bc898c9e08dea9526bda5928f7da0870383cf5de9372ca03809863a0d2072d3e415b415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
941B

MD5
7a6460ce8bad25800703877d0cb1db54

SHA1
3703f4b68c8b6f48919efc3868bdaa401c123b06

SHA256
17002e65f013986e4f4107653620281e3a85cdefe2dce7c3109f0f9ad1136190

SHA512
30077803270a80f01ede32bb828a28aaf7cf071c34da96f26f0e17b0352dd94d64b2fbe59321171ae95812de69e0523edd20db3731cfce5c7c1bc921bd210c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4daf724a7a30131af86192ed189a6256

SHA1
13bcdc1787b4230386a20cf01b9a16129669b7db

SHA256
d9396a960e9419599010e013f3f0950e16e0b7d3cebb68cfa0f5ffa9f1f185bc

SHA512
7d1054caec2fcae5eaea0365f5298d18706d05635475a236e7682bcb06bfc28cae032fb044fb9dd9ef1bd9c55cafb9b9d1b9fc5b4b69d439f3bab4663d84c470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f91604559aff1a143c9f5c04c1593efe

SHA1
1410ed2c2d38dd27ea35800c90845d23da534601

SHA256
693958fb1142404556cac32366c772a0695ccefb05c9fb71a90bec4b69faa281

SHA512
d5ee6191deb12dbc671f22d984e781902b12f05bdf3751fccffe7c0377c37966c9b4c51a7ec7ae46bcbc136d04b713beb0a8459cf742aae22e2998a5c9966e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d71bf6ff9d81f360e3e194b00ec327d0

SHA1
3c3a7b52b0f7160ae0a3c2e64b3fcecc59091a91

SHA256
2286f2bc7b50812f7e1bd1512a71e8a87c1c3e2274ebb228e9e8c94a97471378

SHA512
a61fd15269fc416f97019cb8feb2427266415cf105f7672bd473576767bd63ce8fd35099d837d1b4b41e53e417f830c6eeba71d617c6403b29e62e36ee659543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
86b9ea3a8320d225808c09e0f5da1916

SHA1
c8ad5699e18ae88daeaf0f7f2267c585e5b7b6f7

SHA256
d789307a091f8a153a9a0094b064d3566ddfb72e2e6a28f6ff59ebf4167c2b42

SHA512
788c47178bd8d5e66308c9160b6961c3eca67b370574137f0326ce8f37f29f1b002e2fa6aa4f760052965210da3941f37d58e9b0520fabe9c48b0f2e5a3814ef

Download Submit