8e4fce07589be74fc9035e2599bcbe881c740a6d720c4e8212d2a809780f4bbc

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2025 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_20cbb8e45ceb82345844efc5c68d7bdc.html
Size

228KB
MD5

20cbb8e45ceb82345844efc5c68d7bdc
SHA1

d587ebf4f2fde45c0af52805c67717d994aa2283
SHA256

8e4fce07589be74fc9035e2599bcbe881c740a6d720c4e8212d2a809780f4bbc
SHA512

e79cc87b01cf5b35bca93eaff3790988719aae72877ebed0cdbd5c32865fe12773e716e31cf7c0dcddbc863f5f94bc483be5a997e0207f83ae992ee01b3a6859
SSDEEP

3072:lnw5lKseu3SqodohpVcqwmwqARwlq11MOnv8sF6OZ7+3Vy+2ZrNSh/MxY+Kj0MyO:lnwPKsF0Smu

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
24	sites.google.com
25	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
1544	msedge.exe
1544	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 4892	1544	msedge.exe	85
PID 1544 wrote to memory of 4892	1544	msedge.exe	85
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 4452	1544	msedge.exe	86
PID 1544 wrote to memory of 3416	1544	msedge.exe	87
PID 1544 wrote to memory of 3416	1544	msedge.exe	87
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88
PID 1544 wrote to memory of 2180	1544	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_20cbb8e45ceb82345844efc5c68d7bdc.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe288846f8,0x7ffe28884708,0x7ffe28884718
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9218752000762509284,5960282818454371913,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9218752000762509284,5960282818454371913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9218752000762509284,5960282818454371913,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9218752000762509284,5960282818454371913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9218752000762509284,5960282818454371913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9218752000762509284,5960282818454371913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9218752000762509284,5960282818454371913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9218752000762509284,5960282818454371913,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9218752000762509284,5960282818454371913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab283f88362e9716dd5c324319272528

SHA1
84cebc7951a84d497b2c1017095c2c572e3648c4

SHA256
61e4aa4614e645255c6db977ea7da1c7997f9676d8b8c3aaab616710d9186ab2

SHA512
66dff3b6c654c91b05f92b7661985391f29763cf757cc4b869bce5d1047af9fb29bbe37c4097ddcfa021331c16dd7e96321d7c5236729be29f74853818ec1484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fffde59525dd5af902ac449748484b15

SHA1
243968c68b819f03d15b48fc92029bf11e21bedc

SHA256
26bc5e85dd325466a27394e860cac7bef264e287e5a75a20ea54eec96abd0762

SHA512
f246854e8ed0f88ca43f89cf497b90383e05ffa107496b4c346f070f6e9bbf1d9dc1bdcc28cad6b5c7810e3ba39f27d549061b3b413a7c0dd49faacae68cd645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9d02ec29931c3b2218c22acf22fd8e73

SHA1
8786964768d955270e8fdbbea652b68c7b10dd6a

SHA256
75182624c685e2666ab0670c6216993a4448fb2708a33e7dee5069c049a30cd1

SHA512
f3fdd65ba74f4fb462192b1e4aa0c4ab10a73ce0ddce07a3af873c17ae26cca2e516ac5befde00ea8ccd72e45a0d2eeb9abdb912675b90e5e8f8e85066df8fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
812B

MD5
73728db38d95bb616bd96fda93f2ec0d

SHA1
9b957c52e7b23bd2af54df28f1f0d0f64c4e1b1b

SHA256
c895a96c04a16447ecd2617a34dc9d8added4f3ad9138a6cac0ef4991d401895

SHA512
90b128c20da6dcc337a79b58da08c3ba0aef4f02bf0a94fcf8b10476b5b181f4e8e5d8a0e936dafc9fef021c14c9fe10524ff2e71aa304aa0820aa08d2371cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52a1c2a3278b1221b737e341203d1dfa

SHA1
3cb72486df0e48bead00a658348c1549a2f3bb0b

SHA256
dae924023e82c61880ab7ed3f4b551ac8cceec27681e02bc2f609a9dee988952

SHA512
750379fd57295941ddf6dadafb70280aec2a2848abd4ee5e1c0ee250d027888e2eb04c3ab93d3c0795d58733701a35280b92737f4a16342bc14e0522d617a745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a18b7c7e5b2658e2560df8beea09d73

SHA1
83b36c4962ac8edc51d66494f27a2d4e8c12fa68

SHA256
536ceaf7708d9ec62a04a04bd82efda2c4bcdf40f6ef45b8751a0d40278bc3fd

SHA512
99f018714aa6882ae7bd8ff0582ad8699c391d9beac7e75c65c68ed00a367647e7b3e8bf80804076f0eacf5101fee772a409ec5cb8277b6959c5294dddc10d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
772c352375e795b27fb55c002d80f28d

SHA1
54b68c5c312f2ae54d8894dc4c8c2e771a7c1310

SHA256
9135dfd6e3e6cd1982b752afdebeef4cfb3cccdbcd2b570a4ca7ab074f3e5dc0

SHA512
be5b260c6d6e7ee62c24894e56dbbf3940f54eb42d74fe31981d8b1fa7fdf94eae2e88e3f3b271e39b45b1e0c6982eb068c402526f7870b73df384d5f842abe0

Download Submit