8e5c8474676daf99a5f320e62a2e49608b07712075a5b936e2f7555f181f2bbd

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2025 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_20f6875bcfa5118475ec35d097d02efa.html
Size

101KB
MD5

20f6875bcfa5118475ec35d097d02efa
SHA1

45b106497448afb4964ca31ff1a234c8517c7476
SHA256

8e5c8474676daf99a5f320e62a2e49608b07712075a5b936e2f7555f181f2bbd
SHA512

6f5af469889f237b6100b11b017a04ff8b45a9b18d368f4ca38c565db9cd060fa87b46d241b483c454710beb4bc8bd69bd0b8464d7629bee77825f093a0ed3ab
SSDEEP

3072:CN71odMhYXftodMha5SVs+HeLGdr7fCntMqrRsd:CNgVs+HeLGdr78E

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
884	msedge.exe
884	msedge.exe
5088	msedge.exe
5088	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 1240	5088	msedge.exe	86
PID 5088 wrote to memory of 1240	5088	msedge.exe	86
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 1772	5088	msedge.exe	87
PID 5088 wrote to memory of 884	5088	msedge.exe	88
PID 5088 wrote to memory of 884	5088	msedge.exe	88
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89
PID 5088 wrote to memory of 456	5088	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_20f6875bcfa5118475ec35d097d02efa.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff34e146f8,0x7fff34e14708,0x7fff34e14718
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12551637707908857171,15090350396830643017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,12551637707908857171,15090350396830643017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,12551637707908857171,15090350396830643017,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12551637707908857171,15090350396830643017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12551637707908857171,15090350396830643017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12551637707908857171,15090350396830643017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12551637707908857171,15090350396830643017,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12551637707908857171,15090350396830643017,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39c51e5592e99966d676c729e840107b

SHA1
e2dd9be0ffe54508a904d314b3cf0782a9a508b7

SHA256
29f29a3495976b65de3df2d537628d260bc005da5956b262ff35e9f61d3d9ed3

SHA512
b20532d0131b12603410c3cb425cb5df0ddc740f34e688455eff757802ffc854be771b30c3ff196e56b396c6fe53928a1577c8330b00f3f7b849fcf625e51bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39e376ee2f541e6b1ed0bca701e8fb59

SHA1
bfe3cc2eed8721339d433533aef6e18e0a13a9a3

SHA256
80eda1e4d8c05e257ff17ef734d606e67d8ab70b3e351430b2b231631eed5e04

SHA512
a3f082c32857db0e3dec24394a259fff85e21b6a7b057ef55933504c23ec38cbb3237eb519d38385fc53cbc584c52aaf66291f44231245d9afee509a108a3350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1016B

MD5
68a3794997c7f125804ddf46882b19de

SHA1
2f3b0333fe52f1741055cd7c57e97a7891721b48

SHA256
f663477366aec862d523523d27e5ec8d5d8311baf33563306b07e9cd61d62545

SHA512
e5bc33b4ecbfedbe8ba187dea3b7d4d50468453c76c8b2e09ae00fc02952e15640e4a5a5ec052434a330af014ba7fc64a33d97aa2926ec545de29b2cf479209b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
983d03ef699f42b2717bbd489924b806

SHA1
06f91a9a91788698fc48d4f37bd85938b9ba2081

SHA256
a421cd7278b0978ddf9b08675b14fc6075cb27c3dd8d6f8160bb02e22e20ab61

SHA512
3cecfa7ec0876d07b72934433e4a2e5f6201af33d6b3082740f4dd44b602c34be44a73ecd80928f5e4a45ee1178985fe92240ca9a6f9c1ef9d94e53286d4d125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c82acbdff1f01d54ccc80919c9afe44a

SHA1
acd22e54d639c5e69cf95225e890b3ac92ab3f95

SHA256
3e9dc28bf8de102f6c953e6b9ed7e84f8e299ac640b7ffa5af10c9aa5afef8e2

SHA512
7013a843bf17f11859eef8fd549cb71ae2546151283383321915518ae2dc1c171b806fb3eecbc462b231f0a742b177283b68c717ca72378d9f2e65b7c951dfbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
80ad64189e870c09ecf861296484efe4

SHA1
86fa9de4acb9f7a2bd2ca6668c2942c2d0a3064e

SHA256
898411d40b72d4398bb128f01a4b0d7718d3bbc166690547c8a00c6016a092ee

SHA512
004251f147f4d79431b13814c135cb4d79c55c81cab76a795473760b05ce5a3f5a2ac47026efd0237e7f2d5a768781152b9b3ee5939ac9903973dcfff9d72b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b50c161d26d58fb2af8ab551fb54c4ad

SHA1
05f688cf0c97ba49f40dc3b3f4a668bfbf369552

SHA256
dcec02cf937b7417f6ca4100678aa150c2e509531fc966d919010cf24f0beee0

SHA512
1bd93ac6b7a06c3433daf3081ad4e7bd338a4c6d376af34301b1ba30f9916aa7be71e68e33edf5edd59b599379b29fe5ca2ee7712fb9368297671d6bf7438a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5daaa37354b90218627e5c9447455109

SHA1
baf03ab19ca4498cd357dcd6d0843e47a8291525

SHA256
de5975462fde16ac97427328dfa26aba646ee9e7afe34bbf4028cf21d0434cd1

SHA512
d9f8ff6d49851edec0e179a97c4b4caeb95241ac41a21092e732a89ca5118f990d41267fab749038055991bdee029b037671a05b960dab197c6997204e27c68d

Download Submit