187ceb0c9f5447b36fc13b6daa0dbd606727d4ec6aeefee01f16d054c3072a9e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2025, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_563c55177f82538d01a2b96d8599ce57.html
Size

85KB
MD5

563c55177f82538d01a2b96d8599ce57
SHA1

4faac76a30ceb26e3470fef467a9c8aa9de72e68
SHA256

187ceb0c9f5447b36fc13b6daa0dbd606727d4ec6aeefee01f16d054c3072a9e
SHA512

6ba03ed1ce5a646202430d9f22b0d302a56ef6a0c0018d011708fc3d49ab1c240466ca8135f9c57ef9898ff5fe56bf3586b849a64a75d481c28ae6ce5ec60575
SSDEEP

1536:C6x8m/kVlodohivovodohLB2SXVCutMsf7td:CsylodohivovodohLB28CutMsf7td

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3872	msedge.exe
3872	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 4680	3872	msedge.exe	82
PID 3872 wrote to memory of 4680	3872	msedge.exe	82
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3968	3872	msedge.exe	83
PID 3872 wrote to memory of 3620	3872	msedge.exe	84
PID 3872 wrote to memory of 3620	3872	msedge.exe	84
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85
PID 3872 wrote to memory of 1600	3872	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_563c55177f82538d01a2b96d8599ce57.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff807a246f8,0x7ff807a24708,0x7ff807a24718
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11008523032497003997,4691047220727796915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,11008523032497003997,4691047220727796915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,11008523032497003997,4691047220727796915,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11008523032497003997,4691047220727796915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,11008523032497003997,4691047220727796915,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,11008523032497003997,4691047220727796915,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4928 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
942B

MD5
8e68c84b13b1891e7729537e97189179

SHA1
93b0e8a858e4872f2982e0f531273b174065165a

SHA256
6e118e79e92c9cd95928649d926d385ba63c1c3004f30e0c377300edd6b5bfbf

SHA512
2dd73e053b4526385cd9edf466a3768e98485fbae4bf68643251771ca2af4c4aa98ed7f4f7ff0197cc7682c0d42024d6a83a96c7f5c51cdecab5eeb67e8e6471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
942B

MD5
9e5a8d10fd4e5e1560c5c34ef2c882ce

SHA1
e9e63471a942bc665f2fbef31d28a28ee732ff77

SHA256
fb44a6b4f7905b3a46fa70287de64069d4b553f050077863be76eceeac6c000d

SHA512
68f01b6fda295853feb44d75d1705a548ea9b6f1bb2261eb632a77983216cd86f1cafe510ad1e5c801a8382832d3165a1868e66211dc736590404ea1bf69b88d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
973B

MD5
98b5f300a373eb5fbf938574be3c1e18

SHA1
849c7c6a4201df34c69da780cdde2d8b2f4c033c

SHA256
3cb00eacc2c30e2d7984a645544fcb5ce6991529e836bfc8e1ff5467de217299

SHA512
226b3845434979d951562551342b591750c7e1f94026bbdd78c81a55ad03ca21523a53600445337c38b9893ec3f7e0deb1c090bb8e8de8ac4c9fcaf42d0801ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e91f465a7dcaa9016f72522c57338fd2

SHA1
378519e23b8900055f7e58d3d79d9654b3903228

SHA256
d741a719ea2469708fce0541da78208506e21b12f11f661f057a36c632b12821

SHA512
d8e26d9e3cb7a360199b0837e7fc4c918e75b865b340d6f0f32ff87dcc9e899acf117a13c219031dd7715b8fde6dd6897f0446519e0b4ad229a08b2c50e60538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2016cd01f1debfd2cdfd4b96ae904372

SHA1
6225e8cd0279ddeacf569b6c7afacfbce8bf1e9b

SHA256
45836c062cd77ef434c54389de29f7484a7bb80bdce87c49561c6a6d68918034

SHA512
0b138005a3fa69e8eab4b37a1fdef2d5df8ca011d3963c05f562479591b2d79d271b72f7270065e764d78bebc64e0940441e2784f47492330d1cc5bc060ebfdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69c8b35ec094422199914ac76938206a

SHA1
13636b264d0877e6c4d29266dc90e3c926e1d8bf

SHA256
0df3d5c07c648cc6b6919fa09decc1f2931b19a12d410c26be93b1b0c8728a08

SHA512
b7d2a43617f3a8a7ac52ffd946f4d308b5c3da0f4a3eb56a5f2acaf00d11778c257d07e080f71622fedc632e932a424b90efd1feb0948e79af0f23bebaf254fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
97fd2f3f2611d657b3e90df9c52a7b6c

SHA1
41f933164681b284ef84172e859aa7a87c1d6113

SHA256
6ba394a628145203f10bffc1bf30e998e1599d7b153b8ba901574e694a0a524b

SHA512
347d53a35381c09ac96176b0a25c601ea1dcfccd63b6a59cda06e7a696fc35034dbcc12a56fd827e7b1df6a171c40ef3a4d8af44cabdd6fcd2a7beb054da6cb3

Download Submit