75e416130b32b9a631b5343e6ca6a9b1e0d460ce128f1d1814decf2d426024c5

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2025 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_98fb87c7d1e19ada92141c4e48806ce2.html
Size

130KB
MD5

98fb87c7d1e19ada92141c4e48806ce2
SHA1

25a08aa3bab3beb859400397f8417b965dc54242
SHA256

75e416130b32b9a631b5343e6ca6a9b1e0d460ce128f1d1814decf2d426024c5
SHA512

40fb4e986b630e34024a989df6fd47a3d92ea80205ee13de2327a739cea51b808684a46635fbf9b7352ba507826a106802cae52cafc44a73af958866094d9a13
SSDEEP

768:2ok1ATx+Bw24Tp7VjoiJRidNCiZW0HI8JjoE5Jcsm09XWhCFAfDv1p4ODMtFA6ck:20H0iJTiZdIXE5F4ZDMtFbcDO0t8Ff

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
4472	msedge.exe
4472	msedge.exe
2456	identity_helper.exe
2456	identity_helper.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 1020	4472	msedge.exe	83
PID 4472 wrote to memory of 1020	4472	msedge.exe	83
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 2820	4472	msedge.exe	84
PID 4472 wrote to memory of 3272	4472	msedge.exe	85
PID 4472 wrote to memory of 3272	4472	msedge.exe	85
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86
PID 4472 wrote to memory of 3944	4472	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_98fb87c7d1e19ada92141c4e48806ce2.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfa1046f8,0x7ffdfa104708,0x7ffdfa104718
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6135121716325075586,11947265518986956257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37d04af7fe040412c05f24f2c6cd8f2f

SHA1
2443f06f4525f3d766514f122857ecc74fc2941a

SHA256
1ab5a5199a050f7d642f1d2793d42657778c954a3fc31a799cdae6b5439cf725

SHA512
b3449a38062566d668b5823876a48762e67959723fd1ee37168f58d150269e25300e43342611a72052b956a2602c44ca3ceb452eed1a4ab12b5f752461e32555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c76084ef5a62345ea5fe42f496230ce

SHA1
ab677a8684211939ded110b61dcecd68d3e0b606

SHA256
1db95ee6e5eb9737bfb6df17177540cd05454c27f4fd73c916c39f690f749c76

SHA512
d0c3578750ae89785645d31a931c598c8dba7035a17b6fb9bcd3ceb76a69c8dcb4b23ecc89ed85be30599382db72d167bf91313ec44b59778247537e14cba66b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
394B

MD5
3f200f428c13cf83e09c354565715902

SHA1
3fb92c4acea3b2bd22cce24e3fc5e0aaf17f4297

SHA256
c7e2ce5230ed3fd7cbadd3143e01d25df7271b8a1b7fad118d3354e42fc98021

SHA512
ec6cf1553aa69da9e65cd56b1747adc5667e712224cd18350de26397e2b899510306412e44d8afe7a27649922b4c3ccceddc540ff7390b4f57a2c7b36558f41d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
579527097929cff42bd33ec346443b20

SHA1
3d4bf3dcf6be6850c7f5b7171aa89ec23c3b07ac

SHA256
17c385e919bfeb50f2ce02c7e7e3f8b4754cf53dbd40d4672a4ce097867b9dd2

SHA512
b8f54d1088f0d9e748a0110fc6d83e1044d3e9b4d2289b6a68c8c4f8f2715f8dce3cb54dbf0646da6d7e3c3f5a20b01778f38d20169cb9b454897b0c0968375c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
452106526acfee368f8734c0c8506de3

SHA1
72c5e966419aa53966f41db54f830af9a1d83f65

SHA256
92b6c4deaeb69fcca6df33b041cbe64f9f08c9fee3cf98d0b03961ca6f3f90c7

SHA512
91f3da6a814fd3b225e37e758d87053a643d2dc70e4c512a89e9a3112a25b644a223b0b4d8e94c53137e7bebc886103942fb8737ca8a79d604a39eb266e8cf31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12a6917cf2ebb74c7ba492a3aa2c6e80

SHA1
50b0e633f8e297b3796178f0f490882f45ffc16f

SHA256
8d933d27851c2553e384861879e6a50332c0cc122d60ca419a510a27e7b864e7

SHA512
aee0fabac13b40209cfa083318c332ca69b0f97bd297afd11d650eca7c28f1e4d5504487e0ac5498e091fff37fc5071e333221b8ca5237672be08db9c1647f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
130dc5ae62110cab6ffa0265fe075428

SHA1
29ff0457dcdf8a1812062b6d11802979776e6d4b

SHA256
d319e59ec8543816b125a7f8860b096f12fafa9c2d609ec376b500672d157868

SHA512
ec49b5d9c99432ce85a94efe9a8a8f19ca637593afe6cf8e261b4830daa597a3778fbecfae861723e54935b87654e70a92af6472da0c785698c05c35cb1cce96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0fcf3433a3115e072cc6ac1a64a72c77

SHA1
2d1549eca6e7c5d72f6aa889e2862cbcd5c5fd86

SHA256
a30835cd83230e58d366f7cded4a2770e8027f8fe71bda4d76c8b5cbbb4093af

SHA512
3558d09278cd337b15620c6d4f2bc6062c91baa9a26bff016af4426e58b34ec21485fdf75168c97eea4bf9f43b5c7a12bdca10adcb2ecd4b572d67d09de9d377

Download Submit