60c92432cc09aede98a1e7fc53118e05252efbdb1bb3d33f98001b6a184d4545

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2025 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_044edbf2fcafad018e073c586b244e64.html
Size

95KB
MD5

044edbf2fcafad018e073c586b244e64
SHA1

6d1d0b583241755163ff17420de09a243ff40568
SHA256

60c92432cc09aede98a1e7fc53118e05252efbdb1bb3d33f98001b6a184d4545
SHA512

b43fdbe5d68a71592789a20d85a0fe4e4f3719ed0978fb3b919b448e4a858bdb97ca1cf7cfa7a3aecdca58e6b7351cd22eec3063ca5c943a101968ba0565a99e
SSDEEP

1536:Czx8m/RkD1oduh4XL3oduhRFVd52P8TL1LCntMLpuWd:CJe1oduh4XL3oduhRFVH2PiZLCntMLpz

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3376	msedge.exe
3376	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3376 wrote to memory of 1804	3376	msedge.exe	83
PID 3376 wrote to memory of 1804	3376	msedge.exe	83
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3932	3376	msedge.exe	85
PID 3376 wrote to memory of 3976	3376	msedge.exe	86
PID 3376 wrote to memory of 3976	3376	msedge.exe	86
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87
PID 3376 wrote to memory of 1248	3376	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_044edbf2fcafad018e073c586b244e64.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3bc046f8,0x7ffe3bc04708,0x7ffe3bc04718
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13617480819651110413,16227546877922455486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13617480819651110413,16227546877922455486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13617480819651110413,16227546877922455486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13617480819651110413,16227546877922455486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13617480819651110413,16227546877922455486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13617480819651110413,16227546877922455486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13617480819651110413,16227546877922455486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13617480819651110413,16227546877922455486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6738f4e2490ee5070d850bf03bf3efa5

SHA1
fbc49d2dd145369e8861532e6ebf0bd56a0fe67c

SHA256
ca80bbae3c392e46d730a53d0ee4cfecbbe45c264ad3b3c7ee287252c21eaeab

SHA512
2939edf5e6c34c9ea669a129a4a5a410fbbd29cd504dc8e007e9b3b3c7fbb9bea8c14d6177ac375d0c481995774a02d210328569231cb01db07b59452333b22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
93be3a1bf9c257eaf83babf49b0b5e01

SHA1
d55c01e95c2e6a87a5ece8cc1d466cc98a520e2a

SHA256
8786fd66f4602e6ed3fa5248bd597b3f362ffa458f85207eaa154beb55522348

SHA512
885b09dd3072921f375eedb5f0575561adc89700ecfbe999bc3e5ea1d7cb45e19d85c5e420f2c0a12b428742e1110e66f4ceecbe5a6badddd36cc9e0aff48e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3c0217e765bb4799cfc672c3725205d1

SHA1
48cd0aaee284c750ef782a43ba269a40da7cacaf

SHA256
a3a801942d6edbadce8e8ba7db5d7e971a6d36acabbe7a9d23607559ee14e1a8

SHA512
a0df7831872b0333212a7b13409e4e0b56de775886c3d9c5bc0e7a5374913b8247c61e0529c6875ab09c6ed8800936adfe538914ac2258964c6e5f3382af38d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1016B

MD5
a04ee14961116eae8b515a84e3363dee

SHA1
c2f794db350c9575377afe6959342747cd0ee570

SHA256
5ddf64a9504645aab9bf8d58f0e1f53d736b3e5c2df8d01d67dbac04645dcdcc

SHA512
4e5de8f6d28bf775da5ff722614e17499738573b2fa80f3151075b6a4630b56f2c7eb96e13257715c33ff13bca0b13f7f8a6165d8590ba9b5ecdf315e19fa809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
703f2aceb5ce3a34997d076da94d35be

SHA1
c45a31482f9c9fd90a3332967ecc33948f925d44

SHA256
fed3e905ea0fd2a460ac7cc6119180e3e96ad65c41f29d8efe432155c01ed5be

SHA512
37fc0db817f5595bd387c08799664788279e6b20010371d09803ed4e417312fa44ac61d518ff0d2a682702c3392d478494ea9c8aa648bce1764735c3059f8b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a7ecd42ced32765975eec5b699cacbc1

SHA1
4c000ef67bae55b5776fdc3f83abbb1932631865

SHA256
02378dbae8b80286ecf4e2ec64bc28ee3b415b1c2a0786ecd0b5f3fc95b49e7f

SHA512
f6954d6db9ea4d0e60cadcbaa7b64537d9eff760daf105997db9c4697c2e7c54a08d1540a11c9e2c152707006c0ccdaec66b6c42e445cb03451b11106994b6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee8ae38e2eedebfad284ae7175ccbe31

SHA1
9ea9189810890840a803ed9986b60d02251f09ba

SHA256
1cf26259e310abad62b66988fcc1a48b2b37a62bbd92bb10c0667b837b051ce5

SHA512
c528ce585cf0176b3c152481e938caedd9f081f91cc0937eb729cad71d23b6620714160429ff600b93d7cf32258d8a0233146023ce87692907854da11d1598e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eea66862ffc54df285b5bf144b51c966

SHA1
f23b04120ec04e3565ecf8622e1fb7c1579f09b2

SHA256
e099a326ffdea85e165e32c57e893a4af9810741fa3480738f66843bd8e18310

SHA512
426c8d4084ed2c621c4383a19a4703325e7c14fad455da556296269c94f1d8dbe93dd2181d49740fbfa8175c30fed260206149c619465eecc26dce44ac5147ee

Download Submit