0d4080b6fda6d256668b7a1b9c6b626a3f38630fb01b85edb0f0d8361316414e

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2025 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9184ff6b2d8c8cbe59a9b92c5de9bdea.html
Size

35KB
MD5

9184ff6b2d8c8cbe59a9b92c5de9bdea
SHA1

14dc410e3c452b3d81c5f6d1611101d7a527e314
SHA256

0d4080b6fda6d256668b7a1b9c6b626a3f38630fb01b85edb0f0d8361316414e
SHA512

74c95b60c0fbc34be6a74b264dcfe8334a343507b2c0bf46399489874266fcfe4e01411abcd20e9ea45ea34e8ee09a6395699756d5cff1e02d76299f2e0c108a
SSDEEP

384:SsG+bDxVkQYq8OW2QZhFutCD8BDm6PzzA/VLVBawoKoQcCFx0Jg9dkc:SsGCSQYq9nhBS6PA/nBzR70Jg9dkc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1324	msedge.exe
1324	msedge.exe
2540	msedge.exe
2540	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 1520	2540	msedge.exe	83
PID 2540 wrote to memory of 1520	2540	msedge.exe	83
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 4752	2540	msedge.exe	84
PID 2540 wrote to memory of 1324	2540	msedge.exe	85
PID 2540 wrote to memory of 1324	2540	msedge.exe	85
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86
PID 2540 wrote to memory of 5048	2540	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9184ff6b2d8c8cbe59a9b92c5de9bdea.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb12f846f8,0x7ffb12f84708,0x7ffb12f84718
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,295435033438415412,10245003050700603198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,295435033438415412,10245003050700603198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,295435033438415412,10245003050700603198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,295435033438415412,10245003050700603198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,295435033438415412,10245003050700603198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,295435033438415412,10245003050700603198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,295435033438415412,10245003050700603198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,295435033438415412,10245003050700603198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62e6ffe7501e581c80b178323e921b81

SHA1
d0881a3d0aee1c256291d34a90e3092fffa60ce2

SHA256
a4f50a6b36e27013a694382c996a1d3059d38310a138f21aa25cc682be5cb0e5

SHA512
0c4e34fc9a7c5308b1cd05ea71d78c75a9fb85267d7f3e5616dbc1390794941eb549bcc70f7430046ca79cc0055edf0bd51b8eb43f84ee42163dd34d612ba137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a84cd7925378cc74972cc4e677ecef

SHA1
30b4da4c5dbd0cc77d756d270ad260ef74987ccf

SHA256
7be0a4cebd74cb4d879e3f9950f5ac5a05acc3bdc415bbf9d3dd691cccee2cb5

SHA512
ef142224cc0b94a1c5585836988a0d544e7e8b5e8573a1893c9fac528a1ccbbab6c9c7acaad7cfec1a415544bbdcdfd1d0c5e0a0819cb94107fd81989df18704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
53e830adf8c9398031ca385fb0cdbb0e

SHA1
a06a10fafedc77c0720c197d0294a03388fcd087

SHA256
f2aa612884cc8de984b79b53ab81d8f252f3f3557bc7e9410ba703bee1a62afe

SHA512
d6efd713ffeb8442b539dae5447f68ec2c446328fc74754d1529e5f0724469f075d2eed0408f20757d6b11f003b7cbacb6053dc3b8723498979b90579329ebf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
573ff556886836401685e318d8f5cd67

SHA1
225e899a42247a9dd9dc64c98a364a314aeee152

SHA256
895c19de4751c3d226eb0bd34d7a90555e8187b2d2127f954130088e9fcb104e

SHA512
cb6a6dda7d99eaed68be393824909b2b65d745e0f2be8efc6838979b35c3c645cd527a2ce931227bfa39eaf5acfb91ce86663560eea67d4adbec3ecfa1eba77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f2f1dded683951ba863f3f7422b70c1

SHA1
b8feb753abfbdb4a0ed6f6b11c4fe7cc7cff9aed

SHA256
b64ad3a4aba15b66edd63f102844c76f68bac0006d83acc59858205f1b948993

SHA512
0c49af50dd00ef90d54c13942d08c50bb38c92f3467920648fadc1a1eb5d7b9d048495cb9dded5f7bd488baf1c55afdc3659a1604be2b3623e34423b59e62457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ebfa9d3e35fd28c04e3d6b38b23f784

SHA1
ef9d5532d310338a235e4586b9abf15a1cc331f8

SHA256
81d9c9504be55c4626eff806dfc8df4f65032094df3a2128b52573262ff7959d

SHA512
bfa308a5afc85d0b6aa5bcecf509476cddf48228d30689e8827bb693c42c673556d9f535a48900ec761e0e773dd25cbc261feab5a5468a45f68c111e885a5221

Download Submit