c499dcb67994bc8aa083862a0b8424d298af1b1027cf7f09e92b996daaef9b66

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
03/03/2025, 03:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4458a62397398a4e9e1ee6ff1dbcff15.html
Size

229KB
MD5

4458a62397398a4e9e1ee6ff1dbcff15
SHA1

a998300a0fd4611fbac1e36b64f896a8fb3ec7dc
SHA256

c499dcb67994bc8aa083862a0b8424d298af1b1027cf7f09e92b996daaef9b66
SHA512

c101b9eb1057ef921a1c48417c2063ea430057299550f3322d9aba450812ad31cdbfdd6afadf32cab551c7b58b364bc5ffe37c43ca27cfe2af6f8329c10e17cf
SSDEEP

3072:qnw5lKseu3S2odChAhmLmwqARwlq11MOnv8sF6OZ7+3Vy+2ZrNSh/MxY+Kj0MyrX:qnwPKsXSGn

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
23	sites.google.com
45	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
4920	msedge.exe
4920	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 836	4920	msedge.exe	86
PID 4920 wrote to memory of 836	4920	msedge.exe	86
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 1544	4920	msedge.exe	87
PID 4920 wrote to memory of 2352	4920	msedge.exe	88
PID 4920 wrote to memory of 2352	4920	msedge.exe	88
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89
PID 4920 wrote to memory of 3564	4920	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4458a62397398a4e9e1ee6ff1dbcff15.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe558d46f8,0x7ffe558d4708,0x7ffe558d4718
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9509722846866374813,6405953927445161265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,9509722846866374813,6405953927445161265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,9509722846866374813,6405953927445161265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9509722846866374813,6405953927445161265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9509722846866374813,6405953927445161265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9509722846866374813,6405953927445161265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1680 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9509722846866374813,6405953927445161265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9509722846866374813,6405953927445161265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4940 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9509722846866374813,6405953927445161265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56361f50f0ee63ef0ea7c91d0c8b847a

SHA1
35227c31259df7a652efb6486b2251c4ee4b43fc

SHA256
7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

SHA512
94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0621e31d12b6e16ab28de3e74462a4ce

SHA1
0af6f056aff6edbbc961676656d8045cbe1be12b

SHA256
1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

SHA512
bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
982B

MD5
00906285026c9fd6aa36140abddbb418

SHA1
24648c15f3fc865638c89b5d3e660471d4a45894

SHA256
489a6be2c35b6c1692003e5de3c3994a210713fd48031f3d424c74c44e08455e

SHA512
44e0afa883bf4c1ecc21fba12185d4a14c7e5cd9f0a6792f5f66cb924137b51006ac16f634f269e2f03838a9ba364982b0bfe73f5abf00105e058350c2e3093c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
512c0181ab32ef1bd88606d02543d2c4

SHA1
e63ea7f71d7ef8d8e4e51696727f5fb5f3d197c3

SHA256
e9cc24e45a05b253fc73b3465d5a2b95f110c8d244d7976ad0c463ba98147915

SHA512
5581f8ae9b80e2a2271726eca609a05dfe78df21c22c8e83da3e6871f2cb9ece0276c803bdf2fb4827a433eae1a07e7fe1743cc91244fd7690cd0204e12c8904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53ee8fd6ac05171abec2e05c9f1a10f8

SHA1
2a6c24bf2f6a82719e6c954815d7bc7aeb33e11f

SHA256
962eeaa771b2f7332456ac7ab9cc4c4a4f6da62daa55de8b34bc1d3459f6255b

SHA512
cdc322d1145ca75c9371bfb903b16ce5e3b93508abfdd93a36e4c7d05edd9d9476ef290713ac2569afdf34af65652e331947874c9576072ad0cb4df42dbef049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66863b040f16a145c75f75258dbd38b9

SHA1
f32da2999727e18aec58b6dd727d2bf5fd2f367a

SHA256
22867fb8eb67012fef38bdcc1b8226f4aae9c6e2baa59c014f86c518f219b949

SHA512
49c3c014bd766b213c05641ffe783fd6e1a155fc8f1028174b8c6636d12e9b09c7f797f67a4899bed7fb03c89f41f168e362c81d771f3915ca6fa66d1c37c828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c76b4246076719f4e960ab4342688d15

SHA1
b72294e52a0915eeff8b0e39f5f9029e09d6c964

SHA256
0511226ca74233bf7c1d232553992509813e3221a662ecb81e202f1203c79dfb

SHA512
eea6578ce0a408acb226994d05389d3002d9165f82cc232ce2ea07bac3e413da521a4d3b4d3ec6923630c87443d958a73bb3d7b84cf0fc91e3743460bcfb3950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
71162ee940337aeef9c48636ec8a1daf

SHA1
c7c0c5d92b0e3cd3de36835fb790ebf49270e723

SHA256
bd68b45e041905ebbca79ad4a00489f116ea423d451ae0a63955a22066590f1c

SHA512
95859383412eaab504a3593c9743cd68024cc304d554e5ffc305e574d6d0fd118ebf697ef678253b86cc4b40acb80082d82675462f42822e13cf65fd4cf82be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a30f4.TMP

Filesize
204B

MD5
c6a910ded037eddf1253b63a4fae5417

SHA1
17bdc51a6c304195219d7fc352e7cb34ec165001

SHA256
0bdb12da12c4aaf65f7fc3d9566909f17552dc47e5a81d2f2953554576366621

SHA512
1e95e61b531de6f3ebf54e8b7dd04c16905288b9b90975386bb7bcee5e702e4219dcf6151aa6d3f7ba94ad8644dbfb2750868a4342cfce8ab306919ba5f040e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e683be6de3dcf5300e98c6e31b2c307e

SHA1
e2425f9d6bcd293ca3382bd6559a8b6146d16dfe

SHA256
e772c793cce4be2fadacc4707a5316531a48f57535f2c0743c0aff8487936d11

SHA512
ff60310f819a2ec67f65da155e9b9adacdef2061049b5984fc748c036600426540a31c3daecb4cdf405f4efa4aa40def1ee57a51c86590eee16bc3210d2802bb

Download Submit