cf76e46ed3f16d07ae4e7f5b1a6db554b55d5fee732af4f0947804f18903152d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
31-01-2025 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_686966d6bc41289ead6cc1a4ca1ee3e4.html
Size

155KB
MD5

686966d6bc41289ead6cc1a4ca1ee3e4
SHA1

629f63b48f528caf19398e354d84083a120d5db9
SHA256

cf76e46ed3f16d07ae4e7f5b1a6db554b55d5fee732af4f0947804f18903152d
SHA512

be363306652310e93ee7e42fb71dbc4a8265022423a6a7718340740720509281bb6c6b406bc39926dc550e9b1c2288f98cab45dddcf85202a3e4fac2e5756d76
SSDEEP

768:2Nk1ATx+Bw24Tp7VD6KBIuiThWcVI0Hoy57EUJ3uCmWDrODQPydd7rxq0pa7XE6E:2bHD6KBIocVvo1UJdcFpa7XHcDOati0b

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
2044	msedge.exe
2044	msedge.exe
1184	identity_helper.exe
1184	identity_helper.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1432	2044	msedge.exe	82
PID 2044 wrote to memory of 1432	2044	msedge.exe	82
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 4652	2044	msedge.exe	83
PID 2044 wrote to memory of 3976	2044	msedge.exe	84
PID 2044 wrote to memory of 3976	2044	msedge.exe	84
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85
PID 2044 wrote to memory of 1992	2044	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_686966d6bc41289ead6cc1a4ca1ee3e4.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb551f46f8,0x7ffb551f4708,0x7ffb551f4718
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1610540156153631638,4479492337487626197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7b5a5433fe76697fec05973806a648c

SHA1
786027abe836d4d8ff674c463e5bb02c4a957b70

SHA256
c8d623536ebdf5ffbefb84013d1c8ff5f853b59f1b09c80364c32b8ed5e4a735

SHA512
27be4c82e26468bbb9ce698ef305320f6cac46c953f88c714a0372fa524d098b9af2a87a88b14a134ff0f5f4b3d671902908622d2c7ec48e2c7bc458d7f5cc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ea156392347ae1e43bf6f4c7b7bc6ec

SHA1
7e1230dd6103043d1c5d9984384f93dab02500a6

SHA256
40b28bf59b3e2026ad3ebe2fecf464a03d7094fd9b26292477ad264d4efc1c75

SHA512
2479b86a9a31aa2f260ff6a1c963691994242ced728a27ffa2ee4e224945446a191bdb49ce399ec5a7d5d362499716133072e97d4253b5b4f09582d58b25144f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
07be29d344de7f107b851020d23236b6

SHA1
481ae06f7fa84792d3ee070c66b0bfc63ba4f6b9

SHA256
bb45620c54349db853794f827ecd2bc661960c3927f936dc3571d8b736033964

SHA512
06d958debb214f9e2a954b83e3894dc967b379f8a07d4d7a2d027d21d734a36133ec9a9eb7306210cd033b18579cca0f7a7fa39b18535452b0b2e241f3f695fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
459e401decc24d16c0d194c3670f57df

SHA1
2d9ceaf458539774efae81ae8446baad1c375e85

SHA256
ebedc474e7c6f871e2bb2c7ccd3f7f3c20942057240d49bee928bf64c46e75df

SHA512
b1e846d96a2ba6d4590074bd29006fc4de8af165b0b639272335c80cfd69ada08603e18f2741ec5eedfd76ea3615fd7f0a622d8a4bf3450dcb6a751845a9fb74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29fd785e26eac612f44ee68f48c52abf

SHA1
7e39b678daa90b8ec1b3506506b4910e7b68024b

SHA256
803351bc7351abc43bd4743023aca6af010bab91551c1fec0cf7332a1c16129a

SHA512
4e82ad00634d870942419f35a4cf90769f9d876b0642b0b930b201d2c39556ec15e3cd16a401d8acd129faf98f6feab15578da8a951ae0a49396ab7fcad546cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f632bfc22f4e0da3e8764f749fe689c7

SHA1
88870b11db4eee35b92bb86e68b2dd35a0a76afa

SHA256
c328e7bcbdc91d3540df0e3f97a4e1d4397557ff64e5766a9c52a57348e76ae2

SHA512
639fa0155417605dce85a114fba94b70217afca08de61e4c2db293aa464f16e99bc3a0c0536d471b0d4a24260d5b5f1413b38dd2a296aabe36802688d98d37b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
70669e6e1057263571bc23a1847e9740

SHA1
fb082f54e59d870caefec914976e64957a42d8e9

SHA256
48030b380bcb3f0875db49a43211f0e9db547f9d2707580d2bacd880709f55eb

SHA512
d662da6a952168b407ff4f6df443fb6f27c9d40f120110c744d5a397fb78644e206ddaa587fc448ea188371068cc1ef44be7108b9654e9cb51fd995ebcd2a806

Download Submit