8a9d485956f97f7479245b306f07141b9c216cf7227a9e8fa4aa76951ae4ef41

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
02/03/2025, 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4353f612c9ca5482aa95e0dc38b226db.html
Size

90KB
MD5

4353f612c9ca5482aa95e0dc38b226db
SHA1

68c4f7cfada72b2003cff7dacf3c7e46b5fc000b
SHA256

8a9d485956f97f7479245b306f07141b9c216cf7227a9e8fa4aa76951ae4ef41
SHA512

53384c293feaf6387c05cdb3ce2798f84acb606a08c514929beecc9ab3a8207669d7834db6131d527fe918613551e5203ab3a097e9004eebfb9cd08e73851575
SSDEEP

1536:CBx8m/6j1odmhqXfPodmhhvyX7gp/DCDtMJbiFd:CPS1odmhqXfPodmhhvyroDCDtMJbiFd

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2200	msedge.exe
2200	msedge.exe
4012	msedge.exe
4012	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 2152	4012	msedge.exe	87
PID 4012 wrote to memory of 2152	4012	msedge.exe	87
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2612	4012	msedge.exe	88
PID 4012 wrote to memory of 2200	4012	msedge.exe	89
PID 4012 wrote to memory of 2200	4012	msedge.exe	89
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90
PID 4012 wrote to memory of 4776	4012	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4353f612c9ca5482aa95e0dc38b226db.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd63d946f8,0x7ffd63d94708,0x7ffd63d94718
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6989536152093859081,16851253503399726664,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,6989536152093859081,16851253503399726664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,6989536152093859081,16851253503399726664,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6989536152093859081,16851253503399726664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6989536152093859081,16851253503399726664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6989536152093859081,16851253503399726664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,6989536152093859081,16851253503399726664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,6989536152093859081,16851253503399726664,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e77abac3d03f5b27ca6d587bff7cfce4

SHA1
2398274b1f425b428b6860d225d691ccd6cac355

SHA256
eb56f6b62d68039ebff870d1968be6d2499c3ef9046555c20b1623eaeadf5c03

SHA512
bfb7aa7973e3ef57df95a42c7ce0e7ec1fa4afe0276802f38f3791e4a4d2aa9af300887fbca7297b75276415ecae7cc7ac0c413a3c95345e7b3354407c770a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71678a9de9a3336190ff95537cd87a7b

SHA1
9e213afb4f6397c8e64c2bcb8cd36931845a0474

SHA256
ac58d2d4beb00dc62fb0a5b50cac02d2529cb51733065ca5f1763bd810371c3c

SHA512
5f402598e4533d1a25e802353387725753ce54c7638515f91d80db2eed13ee9a676ae401e47ab424f57bdd5f3d6b75e577027fee10ded7cea0d99cbbd3c0c937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a1075efc2500501f21953c9e316af3cc

SHA1
01b0b50e255187a6cf9d40cd609f8235db834eb0

SHA256
4bf57312dcf7f201d6c1ada62e1065ae08f765932498511bf8449369dd820a7e

SHA512
ce30876783f15e9d247d1c3a2ce742e91c3592721d40e85a5ed9ddd283326884bdfd6354c69f1d9fe43d6198836b5237cd42547fdccc8fb18cd02a86a83eaa08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
745ff4b43f7f121bb46bb339de19391f

SHA1
8b614bdc1f8f242782b238b93b2aa8056ee959fe

SHA256
8be9210dcd21224c22abb85d3b4bf30f3c384b6efa1de7150ba9c0f500435330

SHA512
d5dcd7de445a8263e89ac75c5739294e962c805e498c82059f2378264cb119ff3fd4eaf1f8ea1ccee7798cf5371e6c807649ef3a42ef238fa0e6956901de3452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c1de0ac994bfe6779203efc2aaf0de27

SHA1
aa3480e455b148adbba1a15cab92a2d42703c0b4

SHA256
c2bc1fe118af7e26aebf818e063e5dd6842bb56455046dbfdaf913b6782b28bd

SHA512
86c1ee3ebc20b9928de6e874dc5a8e7104d09ebccddcee15376d0df6ba0d6ba0d9f73de1ded7d625fe1c699eb51938b22f96d1870f7f747eebbb4143141a3773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c0880d41d541a2c29889ab5b9dd935b

SHA1
a7a8cfc25bc543b2ab7c79203255bfda11f18d87

SHA256
1b8d7356e574455621ccc1d5d99c20fa97356cb32f20a5a8fdfa769987328b7e

SHA512
ca843c272331599cf8cee4189eccc39c7535c368acbc243b3fa4b273b4e21f32d2a63aa3d8518a64a56bf31c6c619e93775fb82790a11f08d007209bc44da44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4b1e7acd32825c7f744f494e7081e758

SHA1
eed26dc816512e0fa20db9c7d3fe946a2d7fe516

SHA256
253253417e3ebff861efe55924d12a6508f7a322b2c0cfa79fb8ec635cef9ffb

SHA512
d8c055b43d75b029908d10cb2d5310f99fdfaa741a406bd9cb2c6a7d606eaa1373dc8ae256403572ef9dbf60315505134fc668c9525cf76638c895a5d2f083c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb1f6351-d1ff-47bc-8a98-a0b5a69d3968.tmp

Filesize
1016B

MD5
193bdfa7414e8bf209ce0e1bdbf24018

SHA1
c98fdf36d854253eeae748fda518e9af3fa8093e

SHA256
4c9bce7924048acc3f1b62eff0907fb8b0746920d38dfdc823febd0546622d56

SHA512
2072da581b6345c6124bd336fbe0c093106f2e34333ff1208f1018350d05d07149dca69a2f2e5f96f1d23124dc4725d0920fcb250759cf62427120ade1ebfa1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1c45f931e6e4148a6fbf8fcda62a32d8

SHA1
5d70f0a962082c62450ae4b67b987cf345074383

SHA256
e60c7dab547620c17868fc3c2bb14d47a28e8582f317f46c7467b81a9838f222

SHA512
d5574b24176b14e4a2a6be1f999efb52b39687fba544f4a6aa56b8249dee2abba770ea7499049aa9bef1af88a4034b05d29ace2a7808d81ead0f813ffaa3c60d

Download Submit