a7d80e15939066a046c3732cd0d14829d960da5b22a5e40e11207f7eabfb7240

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
30-01-2025 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5d3525eeb2b80e28d18004d5d118f450.html
Size

134KB
MD5

5d3525eeb2b80e28d18004d5d118f450
SHA1

a2645baebb1fabd86a412bfff1453e4ca19215c9
SHA256

a7d80e15939066a046c3732cd0d14829d960da5b22a5e40e11207f7eabfb7240
SHA512

4c609575bab7ba81fb0a46a8a1be6ecb9f31f0ffca658f636b63e07a79515bd8669ebd4d1bae6da58a209777d3d5fe984429c6d5a5b2f2a1e0935b9a282be7e7
SSDEEP

1536:2WHD6y0n4TZcqvo1UJdcFpa7XHcDOatBDm:2AusvH+FpabcPtBDm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
2504	msedge.exe
2504	msedge.exe
3308	identity_helper.exe
3308	identity_helper.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe
2628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 4784	2504	msedge.exe	82
PID 2504 wrote to memory of 4784	2504	msedge.exe	82
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 824	2504	msedge.exe	83
PID 2504 wrote to memory of 4852	2504	msedge.exe	84
PID 2504 wrote to memory of 4852	2504	msedge.exe	84
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85
PID 2504 wrote to memory of 2328	2504	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5d3525eeb2b80e28d18004d5d118f450.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbc8746f8,0x7ffcbc874708,0x7ffcbc874718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10466990065614821732,769422445039719068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9013b8bea41aa2c8fa7f4763168069e

SHA1
349be86bde65cc0c3a15b2b21b6eaf2db452e92d

SHA256
6245436fe808740cde15c227fcda465a37a52f17f3642a71f0abbc466ce5b466

SHA512
d23bc18adb6acf9eb36fea85becb7b1a004bed034ef443acc3d442d1364f2ffa17f57e8eb6eeb1702dc459c5c16763b4e72249e6a326c9c36800d3f395fdd326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
908f9c2c703e0a6f81afb07a882b3e30

SHA1
53ed94a3145691e806e7dd8c160f5b459a2d16ef

SHA256
4436bec398522c5119d3a7b9c41356048c19d9c476246c76d7a4c1ee28160b52

SHA512
7af7116a91c8e3dfc23db8a78d7aff9a8df8e3b67df7f4ee66f9380dba4d1e66d980afaefc5dc2d9034ab5c0b7c6934400feb32645373f3ff4f8816414ae6ff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
50b3a7efad3cc9e54a588517607e3bfb

SHA1
c35bb68bc0ce8c39be8db89f00df630a44ddb27b

SHA256
b792ea2c093f429ab829633010346c496f838f38ac5f6a3b26a84056bbdded07

SHA512
7929ea1c3a695aa5d3dc3a6421e469f1d0adfa10a8d0b1e42dbb234a49b9c2faa226689db788054283b8355b5868aa78088b2b89a17c80e3bdc8e2af816c57c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58a4232eb37e95170686b6c8448908c0

SHA1
ef4f841276f9148fae67fad1001adbc77a75689f

SHA256
9522b61da6d209834432a973d5e2d507cf264a99accfe09156595869dca890b6

SHA512
53ba7342a91ad6252f8a03e58ede99ef5766393c175c099a56da6caae35dd46b086293c235fc63bc57b6c61e10d07f46c6f136fa34b5ba7ba18dfdf72c814445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
392fe2513b1eaefa787469765d8606c7

SHA1
86adf9c4f485dc4542dc5d255b5964c6b4385323

SHA256
8b03e8a60fa00cb95fcb4476c124cc5ffaf8cfb3c9da0ff2c92e09a92c3e074d

SHA512
3aaff83c503bb9d0ce651b9a993ac24767c7fc09902c4c8de8ed458bf25c0e9ff77a1f62dd692a401f63c287d60e27451641570def9f6e81d27843a02406cb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7ed0651ecb629b78b0fadc8dd527165

SHA1
9fc910cc54d7a9df0004afcba0f869fedc313c4a

SHA256
4690c33fc2e6204b42622b28d84566bdf60343c1062b94a027d618307590aadd

SHA512
014cc06c2ff710dfcf305096f7a7974db7a2c3c28e1c0aab397a0e22d206bcf34bc1f792ffbce1580ab9ac7c9ee4e8d6e97ab7ec6f01500af8a695a3b933580e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
000d1ba06f1c724c6b57c0beb137812f

SHA1
9917d83af8effa00fd8b9a8c620d714f98feace2

SHA256
7244f74b24f1dbd0726dd91a0382962b2ab576fb00fb7c5276bffbb65a58f09f

SHA512
38a9710ec15eb9dc5ca6d30385b6b9f73cdbc9470f3c5fe45482c265544ed2cdec8789304070dce86a9a715b82efe466349be51f2a62639acaaf8c49930cd14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb050721351e10f4e29456e42c91e34b

SHA1
27a0017b9fc8f4073dc9eb05075d3ac16ebeea17

SHA256
91ef217f69d74dfd6c706536c21333d2e4c9a552ff2da9312ac5d46e0d64bdad

SHA512
41daf7b50f9d90dea3d4c0a1c99e3906db406873a19b4342aacd19c88035c5fe49ba0169346706266df75c213b0c09b69c2bdc643b9ec8af1a1a3f221ae2c7fa

Download Submit