f543fd8fa0dae9746dbe1cb60b183c34359207270f0d12bb56fbff1a985f83aa

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
18-02-2025 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_02201db4df5cb9414fa06df903d5bfd3.html
Size

246KB
MD5

02201db4df5cb9414fa06df903d5bfd3
SHA1

840b5b0d3ac0aaf016cd597ddbe188b3ee6bd856
SHA256

f543fd8fa0dae9746dbe1cb60b183c34359207270f0d12bb56fbff1a985f83aa
SHA512

77f76ab4e5ef4316dec7889e982808037f54c39cd6c7a6dc357b76126478e441683cca2e37e894153d6c98e12c2dab19dab969604a10826e40ea308343bdc5a9
SSDEEP

3072:Xnw5lKseu3S2odUhfgQKjSHAJmwqARwlq11MOnv8sF6OZ7+3Vy+2ZrNSh/MxY+KH:XnwPKscSHApSso

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
15	sites.google.com
16	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
4320	msedge.exe
4320	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 4548	4320	msedge.exe	84
PID 4320 wrote to memory of 4548	4320	msedge.exe	84
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2960	4320	msedge.exe	85
PID 4320 wrote to memory of 2896	4320	msedge.exe	86
PID 4320 wrote to memory of 2896	4320	msedge.exe	86
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87
PID 4320 wrote to memory of 4968	4320	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_02201db4df5cb9414fa06df903d5bfd3.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff15a846f8,0x7fff15a84708,0x7fff15a84718
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,16791288527562969517,1535732506182131717,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,16791288527562969517,1535732506182131717,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,16791288527562969517,1535732506182131717,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16791288527562969517,1535732506182131717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16791288527562969517,1535732506182131717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16791288527562969517,1535732506182131717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16791288527562969517,1535732506182131717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,16791288527562969517,1535732506182131717,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,16791288527562969517,1535732506182131717,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
395082c6d7ec10a326236e60b79602f2

SHA1
203db9756fc9f65a0181ac49bca7f0e7e4edfb5b

SHA256
b9ea226a0a67039df83a9652b42bb7b0cc2e6fa827d55d043bc36dd9d8e4cd25

SHA512
7095c260b87a0e31ddfc5ddf5730848433dcede2672ca71091efb8c6b1b0fc3333d0540c3ce41087702c99bca22a4548f12692234188e6f457c2f75ab12316bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e27df0383d108b2d6cd975d1b42b1afe

SHA1
c216daa71094da3ffa15c787c41b0bc7b32ed40b

SHA256
812f547f1e22a4bd045b73ff548025fabd59c6cba0da6991fdd8cfcb32653855

SHA512
471935e26a55d26449e48d4c38933ab8c369a92d8f24fd6077131247e8d116d95aa110dd424fa6095176a6c763a6271e978766e74d8022e9cdcc11e6355408ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
842B

MD5
4c7ff86000cb7280c0b03a4134d1ef10

SHA1
72556935635b3c1f290edd5dd1097fc74e364878

SHA256
555716a1da84e517725383bcc26284e4732290f974db237d8d39ce50293483be

SHA512
5c9f658857180a3700d674d37db8dbb873a36ff5e5d104dc530934e9c7f93e3ab8740246a4cdc3242cc54bbd45d5837528090b889bea19f9c296c1b924663455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
811B

MD5
4f41ecc50981aa45bc82e8bd7c9e26ba

SHA1
9a93b77b097be757aef0758759116385456720c9

SHA256
7d72b0aa4d5222bf56a1c08d83d94c2fce87a91afb626a5823b258c0243c081a

SHA512
c52eeab2a07f071251e10a9e47f695058678cff671c1cafc455382d2fa3d12c3f8173bab756ad87a321ddfa468321cea2b2e20e5041f0da222334a8d29a695cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f04e4683384e8a574a766c7ccdde3502

SHA1
13ab67137c661df1823acb59cb310d5e2937909c

SHA256
a0c9ff3bef8e61657d885e44996e5e6394594c43c6eb3413b1d16468814608d0

SHA512
281a602e5bbf5ec86caef59e30aefb56d523bdadebcfeae3a0bd08e8805c574a36bfc18c84363e931198be3cace15c0dc38e6dbedcf78e54400dd091a885f648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f4ae0a05c0e1a5ceb125b170835434d

SHA1
76824f467c278a198d6855d7ad6efc5a9a502fc0

SHA256
bcc0765d32f7fdf2b05dd12f226296059e2109ad2d1031aace869ebae13d5f46

SHA512
95dc427b0a52e6dad577de5bbb2d6fc521858dbbb716328bb9b62a2cfb637a5af3541dc560207c63343c4843fed25930915f7e5f5319dbe6931627ab74d2d4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58a3ece306233a619a30d95c3ac7934d

SHA1
db3ec47aa2b6a8d51f685c33e81e40dc66302ed0

SHA256
b37b5110381661e99bc5f592d4bb361e0068c76a86832b9e3682074a8ab28e0a

SHA512
f3b68766d33c0b22cec32b2afc9e5511c2b5d79efb29650a247fe98d83fe893d12d76f384ada38ca79ca767395b6ee114305cc04fd4ead832a006c0e69040566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2e1cd8cb3dc2b50111ef1c59efcb2174

SHA1
1fe0803a48ab3afbffafb75ffff178b4d915adac

SHA256
0febcc4f86657cda512ce21e416a75a760dac5d0e77f567dd4332511881bfdd8

SHA512
85985d1feb9737b3cf926384c14c9399c2111cc699d863bc428e70847a8b5e645f0ae6c9b4ce0bbb4535842afa8f45be2570a749a4b530a3b4999a2b6525aa42

Download Submit