Overview

overview

10

Static

static

1

JaffaCakes...4.html

windows7-x64

10

JaffaCakes...4.html

windows10-2004-x64

3

Analysis

  • max time kernel
    146s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-02-2025 20:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_8060df36514d30eb1b2c9d7658996734.html

  • Size

    127KB

  • MD5

    8060df36514d30eb1b2c9d7658996734

  • SHA1

    852be9e4a7962172c29600310804a78ce8308576

  • SHA256

    12c99350644cb80d4764a086848a98c65e19eb490427b1af8b5158fe310d5eb9

  • SHA512

    2d9f6cf18e1069bf179f7c21046883ed618300fe3fc97a67b7caccfad8d1259e4ad2a7ed75834921b3ecfcf7abeb29e6485d3d39225991855e09d3bd3affb680

  • SSDEEP

    1536:fkJECCHEOnqCaJnTD9BVZfF6QmQRVK6f5w4w+iS:fA6EaqCaJnPVZft

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8060df36514d30eb1b2c9d7658996734.html
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd10646f8,0x7fffd1064708,0x7fffd1064718
      2⤵
        PID:4724
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,3432472858499676961,13958780520630705591,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        2⤵
          PID:2324
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,3432472858499676961,13958780520630705591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:100
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,3432472858499676961,13958780520630705591,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
          2⤵
            PID:1128
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3432472858499676961,13958780520630705591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
            2⤵
              PID:2096
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3432472858499676961,13958780520630705591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:3724
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3432472858499676961,13958780520630705591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
                2⤵
                  PID:1976
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3432472858499676961,13958780520630705591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
                  2⤵
                    PID:1560
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,3432472858499676961,13958780520630705591,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1648
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:3968
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:1704
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:3300

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        bf0b2725c0cd068b0f67eb62cbc3244f

                        SHA1

                        54ee5cd3bd0ae55707020bf40c4342736e310caf

                        SHA256

                        5dff0f70a7691805910a88ef91c9ecc338c6a27b818ff6b0c8bc6e0e8e381d36

                        SHA512

                        f622f17ddcf1a364bbe926fe427b1544c3bea200b65f24aee14a5eaa7b260e33f396ef07f2a0a53540dc4c0f5beebf431b6d7d0a9032890de13b99a2089b852e

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                        Filesize

                        152B

                        MD5

                        e8cb3a8ae72d4143c46a67827ca0b7df

                        SHA1

                        171c2c090300f33f67510e38358077155a664f99

                        SHA256

                        7bf198a75746d630643056ad1571f0d46f6d069f7813a39888f7519b4b843e9e

                        SHA512

                        917d6ac30c1975f5266aa380baf9842575ad565c4399ef7da499e8f78d7300f6b1c4d3c5846d46b5c39fbbcd76097fe356274ce44eb35e8ca5c09522def6758e

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                        Filesize

                        120B

                        MD5

                        89ff888b1ace6f459be480162ab3accf

                        SHA1

                        7f4bb22e941a598b320d94f898cdd53c83145446

                        SHA256

                        cc14d9348c8c5a9ea571798dc93f7ce1a984262eb919e896ab899595327f9558

                        SHA512

                        23bc6a187e9625ca5105d38b4fb61d704a867f1f5db0305cfc1af5b02c0177a2573e8ca628ef4958f703982ebf61a936978a91b83f5d06d1afdea1957c80cd05

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                        Filesize

                        2KB

                        MD5

                        7a60f6c08172e70cc0b5a59629aee1aa

                        SHA1

                        ba0dab41989ecd9be1ca98fe92d67a512f709d74

                        SHA256

                        fec083c8d7a4dc0e3a475ec5b526930c98b1da14c730b21a055dc2f48a22d6a0

                        SHA512

                        b3e291519ca4303a005b0a0e0370822a81fe28a4d674767d616e49bceba4a65a5a31d37efbea15c1f396ed77d788d1fed8afc8b193d77227fe667b9477e976c0

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        6KB

                        MD5

                        cdd2fab917897327acbd3c34580bc72e

                        SHA1

                        e3e840aa1b389f9b9f4cd9492ca4d6c394d47274

                        SHA256

                        30192065f49d4c588584a602a10ab015de962e31c107ed5fa3dd35dfe16210b9

                        SHA512

                        8e62c63879841a0b72cdda92df4b19c9dff8dd6c82c93a8f122f32f9f86b67ed0ce3d53189e9050a3aaa9bb98f19f064532c0d509285f1d875774168d6dbd512

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                        Filesize

                        7KB

                        MD5

                        e02379c119b67c639839c34c3107dfb8

                        SHA1

                        54f8b98985cf6a7d7acf3324a6c1640e3d907c97

                        SHA256

                        5e566d02b235cc50ddea98489d6389210220dfa61792416fcf09252da2ec545c

                        SHA512

                        9ae0cf9702093d1c07f89fddd501b60d9c4fd63ce115a1ab368514174dce34a919137b9bf5dc07241efe37c545b26e8948e01a7be3b79ec0870f20a45c5e9d82

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                        Filesize

                        1KB

                        MD5

                        d049ff0611be68125165d55dba9cd6e5

                        SHA1

                        b94eae347e3a1dee63e2282a20785ece7d3e9f7a

                        SHA256

                        485cdb1bc54eb8ac8d54e5749458c0f907a556238fbc6467ed3f5c969dbd8db6

                        SHA512

                        5c9230b171da1da0fc42e3d6162bd0b0322be8f65fd8b8ab47020dbbcb69bba6dd7e8d8de5761838983e5e7068129d40a18e55bb8211be57d77377058b9157a7

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581613.TMP
                        Filesize

                        874B

                        MD5

                        2abd7dd4e512cfe9d043333ce7d0e9c8

                        SHA1

                        8b0498a729c81b3b9a5ac9f6a8ea9c4bcf1339f9

                        SHA256

                        cc344b28c987b65fc3f753d5c1e6559ea343751c2e3851045984e6ecf5798dd4

                        SHA512

                        f52ccc1c0088e22626e7faeb6c592f4bd1a38dfa060f50f5136dfe50f9ef5bd98dc90946f849756110e85de55b4ca0f7a2ea6e1719c791190be50dfe8a1372c1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                        Filesize

                        10KB

                        MD5

                        373966b13b499ffe1d18c594e979a038

                        SHA1

                        08d7728bbb0625696b567ab298f34b9edf34b516

                        SHA256

                        0af00ea1ddbc8cb8be0d5d639ea6dfed88dc207f43a12da3bdd0ac6eb22e0d27

                        SHA512

                        088a388af861e6b97d2116c23b49e98dc6bdc5c95b55bf404b21df9cf201a101b62fb273697dd50c6c4104e2d02e44b84a0e10fa902299a1806c02c3f9cd1688

                        Download Submit