eb3cd99a57c8047d091191d8daf8501181928c5fa90ceb02de8b74c8634d7fe5

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
15-02-2025 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fc98378b1c13600055068ad489142da0.html
Size

66KB
MD5

fc98378b1c13600055068ad489142da0
SHA1

3e162f9eff690d1feaf51d0b69418f0af847be1e
SHA256

eb3cd99a57c8047d091191d8daf8501181928c5fa90ceb02de8b74c8634d7fe5
SHA512

579c8a642d2f99dae0edc33eef5f119ca5d36994b9a4cd887d9db76dafc15021eb4262275dbf319ca1dc7388ddd05d10c0f345f3e903d6a9969fa5c982ab1a92
SSDEEP

1536:qKUXpi9SdCmAlItC7NFzqJ9nAK6M1Zfx1/rtslGZ4A:qBXpi9Sd7ANFzWAK71AlGH

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
121	2704	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1584	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
264	msedge.exe
264	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe
264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 264 wrote to memory of 3272	264	msedge.exe	89
PID 264 wrote to memory of 3272	264	msedge.exe	89
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1632	264	msedge.exe	90
PID 264 wrote to memory of 1064	264	msedge.exe	91
PID 264 wrote to memory of 1064	264	msedge.exe	91
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92
PID 264 wrote to memory of 2128	264	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fc98378b1c13600055068ad489142da0.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfdc946f8,0x7ffdfdc94708,0x7ffdfdc94718
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8759930634718864323,6637682220342461533,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8759930634718864323,6637682220342461533,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,8759930634718864323,6637682220342461533,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8759930634718864323,6637682220342461533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8759930634718864323,6637682220342461533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8759930634718864323,6637682220342461533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,8759930634718864323,6637682220342461533,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8759930634718864323,6637682220342461533,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2120

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTFDRkNENTUtNjhDOC00RjE1LTg2MjEtQ0M3QzBCRjdCNUU0fSIgdXNlcmlkPSJ7RkJDQjRDRkUtODNBMi00Qjk0LTlFRTktMThDRUJEODUxQzcwfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QzUzQTRCRkMtQ0E1Ny00NTk0LUI0QzMtRjFGRTc3NDE2OUU3fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI0IiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODIxNjkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1MzE4NTEwMTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTk5MzMwMjA3Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
801be0c9974f5b19e11410cdca27cef7

SHA1
31a5e111c6f20b94362d662d101cca5edb64b401

SHA256
9a89f5f26ff7dea0fd13726ed7d8e9dc9535288c75b25eaa6bc254324aa5e36e

SHA512
4bfb4783ca4f9e0affe002b2dbafc3f40e1e051cd5e8a787f6a926e467f307ee253c8a84a43b6882a2b1d11f8e17bdb02c4d74247a1e1716a65ab74df7fc1135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6393f79a5df6261cd25a71a1c7cf2a13

SHA1
881fc5e01962af69cd5cfb630a37f2e7da96e95c

SHA256
551698eed11cef04d0a7bf97ad2c84e78cd45d1e984d104c95b825959d9b9674

SHA512
f9f2b59ed4a20270213d3ce4883ada26edf911df2928fc6f6572812ef70103c61497a8ae4b75c4bcbd6048e90e329b4bf00d07b2d22b5a0c5fb67c9781373852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f68fe4f5b5f9a10b864df4cda371d943

SHA1
1e01dbbd5526376ed439b9834152d077f616fd82

SHA256
9aa4e19f7b2b762e9696b28b9e98199c1ecc339f5e74122ca912dea425e02a8a

SHA512
6127366c6055cb4312ce201933abada081a8d22f33600961082ab1b00c6d936bf236f2e380ccaee84ac965ca5505b59dd862c5a604842633e54dc6e42062013e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4b1ef21beec8ba70df6babc79a1efdf6

SHA1
f44c94b8e3e8087af1f802c29c6fdb07140bf5b2

SHA256
7a086423c1e19cc49c1c5253d66873a74fde9611bba39bca6eb821897cd92aae

SHA512
1957f3a2cbe7f67de2c8061232f428cffdb6ccc73ee97b435350b7df29c45b4b97960452ba5a7eacb5f804d3887d611f3fce8d610921ca690f1ea09675475e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d00d83005787a28d17d5bd3061e04ca

SHA1
2a7d0e715e0eabb968dd83bf58b6f632f57a69de

SHA256
16b1f30abcc10658fa9db86a3a8e51cd4318ad9e67b926586b831e17f9b022b3

SHA512
587af1812a6764b764b7e9533f3292c1fbd9a8a6b6c909be81192690a434c6f336215f63968afd043fda84299ee628182563aae9dbe1a479bc85f2895c46a080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c3f37c87-ac01-42ac-aa1c-982c17bec512.tmp

Filesize
6KB

MD5
a38bb0515743f5dc7f80d9fed72b5354

SHA1
367a8b78fc10fad8ee403a6f4356700f3557678a

SHA256
959375d2c773de1dd954cecea23be23583eddaa18a15c138a86d4f45f8610946

SHA512
0a98debdf95a2811ae4e2039bc55874c2a0e09fccf2ef7cc4d3bd18ab06fae1865de089fac02c4b8c46037a52dba8acacf74361033c316455c638fb84b225cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8ac23348392e34d5601c0c10d99f035f

SHA1
240d0ec41829ce9099ce0941d579b8a54fa0ef66

SHA256
1399d028ed02392a3a3fa727b4cbb57b0be8b01ae359a70459c1945847cc9107

SHA512
3baad53c566d37ace81de39792415a2b387f74244052be51269b0d80a03e01eeab649bc698edfef77e794b28b3e5a525e9bb370920a5c5651880b09b91926dea

Download Submit