ccf3b26c5558a31b6ac8c97e783a788f0fb09ca18bb53101723f63bd8b088fd2

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2025 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_36f989a95ac43b869bb63ccf842c9ebe.html
Size

130KB
MD5

36f989a95ac43b869bb63ccf842c9ebe
SHA1

dd1067cacddd207aaffab8b721013fef3d3047e8
SHA256

ccf3b26c5558a31b6ac8c97e783a788f0fb09ca18bb53101723f63bd8b088fd2
SHA512

4beedffc4d59f0135374e5bcd7324e0e072dad80c7371ed0ebf91643e50704df44c858e1b4ccbdf4aa545b085ae15965f62c2d29c6e144dfde99077fff77c3fd
SSDEEP

768:2Jnk1ATx+Bw24Tp7rEi08B2JNCiZW0HI8JjoE5Jcsm09XWhCFAfDv1p4ODMtFAmT:2JZ5Ei08XiZdIXE5F4ZDMtF7cDO3DTd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2572	msedge.exe
2572	msedge.exe
4100	msedge.exe
4100	msedge.exe
4640	identity_helper.exe
4640	identity_helper.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe
2668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 3444	4100	msedge.exe	85
PID 4100 wrote to memory of 3444	4100	msedge.exe	85
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 1400	4100	msedge.exe	86
PID 4100 wrote to memory of 2572	4100	msedge.exe	87
PID 4100 wrote to memory of 2572	4100	msedge.exe	87
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88
PID 4100 wrote to memory of 4336	4100	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_36f989a95ac43b869bb63ccf842c9ebe.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,10681442618515775129,14699407482525660099,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
393B

MD5
b0656de44840113ce58034972677ad7a

SHA1
dd7a7199a9abf9e06e1d836d41801b6cee267075

SHA256
4ae686092b25a3c5962f81d6d932a8b08dda01a8f5305164e5f3677112ae8d55

SHA512
5e6191e70c3dcf7b5325b2a3b4cb5b53bb7edc655f44d669394b1aa182d4aaa1fc1b82ebb8b310f59d6184de53a97f2bf1b75ebf5544320feaca49cac2843fee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2304cf9c9f827e5dbf261f4b4963bc45

SHA1
ac456ecc197ec41d6d968a4e41fac56477880c86

SHA256
0b84b78aa5e8b987fbc86da2b565fd918060770ad98cbae07b6d41a320db0078

SHA512
163358010a5441ebeab60940344f72d8221d61628c8d34350061cfc0fff6228e5d7fa2e42e83593a46dcc0eccda7042e7dcc6c57b18203b5a5a418a1c13a39bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98134b8eff95a1a409b699564e37c6ad

SHA1
6489ad950a925215a1727a7f37680dd470e3fa44

SHA256
c2b0eaed37567333b3e61374d98e97a50e6dc759deae1fb2fa5c70aff61ddc8d

SHA512
b4294512bea9ca6b12fc0112b023ea72eea8f34993f3b8af2a5823021fcfdd02834c53ccfc713963f0a6dcee38b01f048a0a3cf39a1ede931e1368392624fd2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
96c227d6f9ef74db6b03549fe90058f8

SHA1
3dcebdd3fba94b936ffd8db232327d14ac3326be

SHA256
7680618c9779feb0adb7d13603ce64edadcde311b2819db531ea8e2e05677309

SHA512
6929e130be76914302d348d0efe55ce12140394ee609c42db5acb3feff968f12f72b72417621615d5fe95c4072fdb30078a39c6a1807db75f1bf0d7fb7e87f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39937d07743eb5f07d0a2bcdb7a7d124

SHA1
43baa55845657ac30383e535ab681862b23e86cd

SHA256
09549933478260efe45189eaba9f535783e5e80f8d5f317c05ef5462d521ed5b

SHA512
d6aab252d1f38f615c246023979c7c8d3f71f2e9bb75fb7adf6976f5aa4e45a01853e03e331982668077227fd0a892fb97b77ca8b94f9813f54f266b88844984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8381c2b8f7105744cde0f890a10e0b58

SHA1
8d7a032b8c4dc8a151ab2a1ffe2d2090fedff69b

SHA256
f5583f8b49c565d76f961c3af67c5cd8052cec5830e2c1ddc4eb4a204796330d

SHA512
fcfbc5cc80bf38574cc0006aacb07d85205d5a4d7887d359ae07fb38905d7f0fe9a4d06e4a6fb43f5a470b72dfe4715d3728394f08caa6ba1c920084fd788a3c

Download Submit