7c46b81760ec8facda65ad6a23c056d2a0d8013ff85ffb84e6a71802c2b2a755

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2025 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_af1a6c57e3f4c5863b58a37776351abe.html
Size

127KB
MD5

af1a6c57e3f4c5863b58a37776351abe
SHA1

508135479d1f6d4f9c40a0900c406b67dd15a935
SHA256

7c46b81760ec8facda65ad6a23c056d2a0d8013ff85ffb84e6a71802c2b2a755
SHA512

d5b667682040b27f864c688e67332ed3f791e00e0dd851588d9f93bc7a049386dd6b2237e3cd1e3ffc5d3229de50b0e13de941e724530341e1268efbed2dbc03
SSDEEP

768:2sk1ATx+Bw24Tp7VD6siXhWcVI0Hoy57EUJ3uCmWDrODQPydd7rxq0pa7XE6cVx6:2oHD6OcVvo1UJdcFpa7XHcDOatb16

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2848	msedge.exe
2848	msedge.exe
4412	identity_helper.exe
4412	identity_helper.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 616	2848	msedge.exe	84
PID 2848 wrote to memory of 616	2848	msedge.exe	84
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2028	2848	msedge.exe	85
PID 2848 wrote to memory of 2260	2848	msedge.exe	86
PID 2848 wrote to memory of 2260	2848	msedge.exe	86
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87
PID 2848 wrote to memory of 2320	2848	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_af1a6c57e3f4c5863b58a37776351abe.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff832a46f8,0x7fff832a4708,0x7fff832a4718
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,8580782453779327242,1154896692513507659,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0504c0d0b9c007a767de8a404f2ec484

SHA1
73b1066ce283079341bc94a3e5c65535f0523145

SHA256
3469f4679beea250ce59f3fa4721e48f81587735f44e0fa2b70638b78dbf8a2d

SHA512
c6c0c6edbaab3b92832c4140916e99ca6725b79e5d3a43ad59ebd94a567458ef79923e2236b43344ecb6fd75442d0c7779b024edbd1bf9035a2a86ba7e5ce606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
50236cd957789ed0d1b6564c7f0ecfae

SHA1
4c9e4dac57ab9ffb5bc55154d6ff89f1e6c1d5f4

SHA256
5820467c07d06249a1462b7c9deeb0801a8a6475ea19637397b9bbbc95f90fcd

SHA512
1cbf4be5224fecf811bf81361d6d282810de016194b17e2002d510287d384048272215b813838912eebcdddb1f657ade0aa3c122871c9d636b6a8fa8e74535d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
395B

MD5
2e0ca6a33c523454ae003f59f69506b9

SHA1
8f007c5a80ff54072a2bf8831696d0a3a35a8ff3

SHA256
cd6e277823b9ba8ea57b36196745526f01e8bc186ddbcbcaef04055baca42d6c

SHA512
939fdebb8925805b59787a1ddae4afed647c88b4d8450ba8529886e1b5f200ab6e329fad47bdd078f97d4c4dce02c9a63916dcff05955dca7f290dcde5fe4816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8a7830160049a4aa27cc7f11c0724e3

SHA1
7a8f2433fb845af2c73980c627926b2118aac0fc

SHA256
85c6fcd4545c4041c3d82a30a67fe27db7224e37cbc95262218e69eb2b263498

SHA512
91e2b3386c60943320a16501eb075316f00133aa81c72a1448b1ed493f247b91e2049f4aa7644ad156ea462c8ccd56bf937a67986081a610017a5cee22b48000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39e624ae88c62576d87cacb7cdec00d4

SHA1
67390bb252fa9b44d40f72f2fff0e21c674b9147

SHA256
a9d29dfd7c90f4d0dc2a438c28e4299b357af22569e6666d2a4b640f863f1ff2

SHA512
c43ae0aef037ccb3921b58f33ef5c639400fbe33683556a49b77193b54ee15df2b66274033a891cd0314a003eefe5f03eaf7e11b9618a590c7b0627f861bb7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c76abf6607947030b22ab402930cba8

SHA1
57156639c82f483930aea5da717cf20f26511134

SHA256
4de87d16e44af3cfd40329c30b8464bdeddf001c889a7d33b2c19dc31083a605

SHA512
b4b7deff9f4f1353a065e7fa9676f5cb2c1d09b09c3eba823ecdcdd805c4861eb4f61f6939054e7297cbfaee3b6fb293a793bf44d29064a5cc51cb94edf65026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d471826de2d6da501debe82882faf66e

SHA1
e7a5172529d9780b0f030bbcbaabdc03dfcf2bf3

SHA256
60264f3bd88e83309952dd93d321e9795e253af39cc241a0790d4a3bc8422e1d

SHA512
b4738936f09354315a143300c98f6b5f17ab53c4f0fa37f5cd04407152dd2a95b73a5da89c35175f16ab7d2f61441cb274b900713107797fd0b6f26285d9e5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
34f7fffe61a9c3bd8d9fde7f52d63037

SHA1
0e4492ae9664f794dc7ef698012d9de3ac4b8428

SHA256
23352ebb961ea9ed49ecf363afb13eb29500de38109b286fdde98ecb03e5615f

SHA512
d245f06014c2f96c8574f47623ecd8c04a809faa5cfc0bd889f0217ea9e70603eb4f0b4d7b46f2e2553e9e92adf33581e29e462d311580ab8e013b81cefa051c

Download Submit