135d8aa2fb904945ffeadeba2aacc0d70523810e3b386a0149e01bc9559e6eba

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2025, 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_981e80c1cadcc7d0bbb0240fc9065e9b.html
Size

11KB
MD5

981e80c1cadcc7d0bbb0240fc9065e9b
SHA1

4e936590ef9382e91631bb74e2f764d4b6ae07b4
SHA256

135d8aa2fb904945ffeadeba2aacc0d70523810e3b386a0149e01bc9559e6eba
SHA512

cfd5690af928a9d9e1267163ceb0ca7828aa507052569105f3734d85016f6df81c484b0b4b5fec54e98e96d15af76b27a3d53123a54961a6163670a70136d3cb
SSDEEP

192:2ValIsr0r57M4xjT8I/w1wvqLkt1/6uBuLbdU8d:salIcIQ4xj/gq/6guLZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
3252	msedge.exe
3252	msedge.exe
4616	identity_helper.exe
4616	identity_helper.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 4728	3252	msedge.exe	83
PID 3252 wrote to memory of 4728	3252	msedge.exe	83
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 4532	3252	msedge.exe	84
PID 3252 wrote to memory of 1976	3252	msedge.exe	85
PID 3252 wrote to memory of 1976	3252	msedge.exe	85
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_981e80c1cadcc7d0bbb0240fc9065e9b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9b0246f8,0x7ffd9b024708,0x7ffd9b024718
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2420 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,15336561566015402292,14058033600175732981,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0504c0d0b9c007a767de8a404f2ec484

SHA1
73b1066ce283079341bc94a3e5c65535f0523145

SHA256
3469f4679beea250ce59f3fa4721e48f81587735f44e0fa2b70638b78dbf8a2d

SHA512
c6c0c6edbaab3b92832c4140916e99ca6725b79e5d3a43ad59ebd94a567458ef79923e2236b43344ecb6fd75442d0c7779b024edbd1bf9035a2a86ba7e5ce606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
50236cd957789ed0d1b6564c7f0ecfae

SHA1
4c9e4dac57ab9ffb5bc55154d6ff89f1e6c1d5f4

SHA256
5820467c07d06249a1462b7c9deeb0801a8a6475ea19637397b9bbbc95f90fcd

SHA512
1cbf4be5224fecf811bf81361d6d282810de016194b17e2002d510287d384048272215b813838912eebcdddb1f657ade0aa3c122871c9d636b6a8fa8e74535d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c2482c499a27d2732cc20eff0b33756d

SHA1
51f15e5349d6653eb5b587722f49202e7d5afb51

SHA256
0085bd8fb946dfddd8da33305952ba4da6325e4b27f9056737dd3e5bfd799158

SHA512
050f6677292c096ff706589b523ebd94136182ddd27268f03d27ca62fe316062674492ab25e48347bafcbb44e98657fbe2b8b29df9d07ff96722b54853fc3b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
ca3dcdb9c521f8ea0ab2ac41ba4c3c8f

SHA1
3ea90945ed039d03e0462bea76616b4f04416253

SHA256
ff45a03dce1ae835ad9a73ebcd2075845972b39edf5d2eef70dce218672c4b37

SHA512
e4b9baeb3ff1ad051ff3d7752fce4f6a7c662962f3e285500a02d697bbfce88b349663ded06cd3592d0caf2faec307d8a4d301c859bdd1d38f181cb593894e19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48b7299651b8e7490cd10920be6c7bff

SHA1
f7ccc5100f12132c4a16d4a9577845a12725d7cf

SHA256
ba3a199446bbbfede064e457792dab02be5008596f38c9e479927f9fe9ec0b8d

SHA512
de48e0260a9d4c77ec9f354d3c757174b9af71e423d6dbdfdd1b5f1aaa3e572f9d2c5eeb4684b5e8d7480e660c531ba99b7b9e6822bd507ee39fe04d7c0df580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51aeada6f3f051fafef8fb511a77a097

SHA1
49fd630727d94ddb7c751de61dd799828876ec1d

SHA256
5b8bbb09c850a5e571d290cb2fb7073664b6d30f8cfbdc0a17ebcf6fb9e69a56

SHA512
7ba1c5ade825db2f715de9fb6f6ce04376a80d51805e060c4ea7c0e50d2096cd108f95a6c3dea4cc215aeb9d41dad8899fb198beca6f2d1cebd7c28b125f4c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
281e389f2c39941f1f19a8c7158b542a

SHA1
5cdb54b97d6291eb74ea3ffb4225b01afa65bf05

SHA256
5a2736ee5cbd7b9a4a485a9132d1069fa8f41a27093f6eabb65724a75bf10745

SHA512
d3bdae86f32607e59963e0ff47e3fe6e23821c529eaefe9c5a1cfd02dd8e62a1bc92e346da5ed55281fd9144d7f7bc4932cbeb822637ea36775e036c8c78127b

Download Submit