5f1a2bd76886aa357a77fab4d33b47993ef8ab8fbb66184d489d8c435babd0a0

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
18-02-2025 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_0001b13ea62d4ba414f740854e43870b.html
Size

98KB
MD5

0001b13ea62d4ba414f740854e43870b
SHA1

a21b75211ced8edd56702925b69eb56eb69c3dec
SHA256

5f1a2bd76886aa357a77fab4d33b47993ef8ab8fbb66184d489d8c435babd0a0
SHA512

47b856ac664ec984bfb8f3a949c542c3c1c0d18249250158f3c55c3b044a24962451eff293795664edc3e97cb4ff63b98cd12268b2d032866391f9d320dd7ad2
SSDEEP

3072:CB71odXhYXL3odXhrFJOXJ8LZ+jM1CntM4w8qd:CGDO58LZ+jMZ7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
4128	msedge.exe
4128	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 4656	4128	msedge.exe	85
PID 4128 wrote to memory of 4656	4128	msedge.exe	85
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 2576	4128	msedge.exe	86
PID 4128 wrote to memory of 4380	4128	msedge.exe	87
PID 4128 wrote to memory of 4380	4128	msedge.exe	87
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88
PID 4128 wrote to memory of 448	4128	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0001b13ea62d4ba414f740854e43870b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcda8546f8,0x7ffcda854708,0x7ffcda854718
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16819616560665559150,10520934167487480698,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16819616560665559150,10520934167487480698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16819616560665559150,10520934167487480698,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16819616560665559150,10520934167487480698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16819616560665559150,10520934167487480698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16819616560665559150,10520934167487480698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16819616560665559150,10520934167487480698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16819616560665559150,10520934167487480698,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56361f50f0ee63ef0ea7c91d0c8b847a

SHA1
35227c31259df7a652efb6486b2251c4ee4b43fc

SHA256
7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

SHA512
94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0621e31d12b6e16ab28de3e74462a4ce

SHA1
0af6f056aff6edbbc961676656d8045cbe1be12b

SHA256
1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

SHA512
bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1016B

MD5
cc2776578743e00cf54b99987576fbcc

SHA1
6d92310ff062f4bff9474e5132fea6342ef78d9a

SHA256
16db748549354bd0011e2848220d7fb29c9781d02ae4b4f7c75a4f92a93e2001

SHA512
eb4e82cf6f61b7b2e500aa58088128c4a4a1037314556cd4922a402f950e1f452c76e0050e9b3d2087fcf51a42262d7058ded0ca4a9d47c86c08042f3a7d174a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
85a373f6a7e7a4ce7898045e669ea174

SHA1
4261ddfad7091852a77785a5cca1ce6d3b726572

SHA256
2191b9fdf35e6d4542cf664605911574f7ca73d7f0d1b17b1c97343a70f7f1a4

SHA512
6a73cd64ce234ea58f40b1b102bef6a79a502158606c502237d94cdd2a9a201b6fbeecc318952a6a7c43b01de09a9a70c2cb7da440abcb092f3cac9e67ea35f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6aff4cd96da211b3e8dd6a9b78aad91c

SHA1
4720ed8c0578f5a9dcfce8bf4a324189a3c21c0b

SHA256
2168400ab2426fedb75817e2adff45e580a7d76f364bd6a592b4926eae37f670

SHA512
7f81cd4f8861a3007a7096d491ddb78ca4fc795bbcf1bbf9b0819ec55595a2e61fba9fb03de5369b50ddd9ad86d64f8e05fc08a025587b8dc2c4204445138f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
20c865bc8e2f410e81f44714bf8e70b8

SHA1
42b99e69d5c6da94ada33ed7d22a136ea0c31832

SHA256
d7df8d797a751405f7acdc5177852370d823f0023ee12fc63596735078770f22

SHA512
a7d829a2edb635a53e828948b671da55d71833a56ed7b2c95f7fe5c2d3c7a63da26dcee3c79390021753ba04fb6f86d0f3a18b6e1b16dd098ac378815da0ffcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29c47b11f4b7f74566b4a9cf02987179

SHA1
8a5c655a0dfbc24c6c2fd0e80e020926f162cc76

SHA256
0636067a0d756f86f3d3e97999c9f2e5f015d3f50fdf4df47eb17b1ab6081f27

SHA512
1c883ae1d2838ef77995febaf7e130db92fb7e64c0f390a9e3b9e2b400ac831cc12e19845b40a739c62f7c9b62822901f32955f86b040671b183fa9489ed5d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4976c3ae8c5437c13de45e85d18ddf1f

SHA1
9a26146f6e9bb0fd4a5635ff22fce07575717bda

SHA256
1d5ac4f29535b1b564475e8b55f94ee3406e49f5708048f076e686df865c12a6

SHA512
fe92120a110336ac9b819c1d830965951ea734d2cf7e1683a3746f76e01fa3817fecfeb5e04ed4681c378c8e818b5d5d0d9e8a0a0e7434abd1af32d65d751bda

Download Submit