5ea92682683731c8a490e5e0af99a7f2f234734a9b20a3a9da61a97bf796cd81

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
04/03/2025, 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4d337581b6c7d60fc68ad0f4b25140c8.html
Size

104KB
MD5

4d337581b6c7d60fc68ad0f4b25140c8
SHA1

ae1e1510c41d2bec56c887e00a199e96570befef
SHA256

5ea92682683731c8a490e5e0af99a7f2f234734a9b20a3a9da61a97bf796cd81
SHA512

7daffd900a46038713013780492a12ef1e8898a1382c8cc7a10a375816b1ca1d0da238eb3f0b48259ed0c48bc474ca71e9e3f581dc1d6515acaa718ae822d50d
SSDEEP

1536:zEPYhDKYZoefNoNNNQNJgnNYhNZD9rNg30TDTq0mJNB1N/nrN1gNTnFemCE1dlHw:gPaDRjDKnn6nFemCE1dlHt+iQqoL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
4288	msedge.exe
4288	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 5072	4288	msedge.exe	87
PID 4288 wrote to memory of 5072	4288	msedge.exe	87
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 1560	4288	msedge.exe	88
PID 4288 wrote to memory of 3056	4288	msedge.exe	89
PID 4288 wrote to memory of 3056	4288	msedge.exe	89
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90
PID 4288 wrote to memory of 2752	4288	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4d337581b6c7d60fc68ad0f4b25140c8.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc580746f8,0x7ffc58074708,0x7ffc58074718
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17017831571154166993,9377593020296030892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17017831571154166993,9377593020296030892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17017831571154166993,9377593020296030892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17017831571154166993,9377593020296030892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17017831571154166993,9377593020296030892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17017831571154166993,9377593020296030892,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab283f88362e9716dd5c324319272528

SHA1
84cebc7951a84d497b2c1017095c2c572e3648c4

SHA256
61e4aa4614e645255c6db977ea7da1c7997f9676d8b8c3aaab616710d9186ab2

SHA512
66dff3b6c654c91b05f92b7661985391f29763cf757cc4b869bce5d1047af9fb29bbe37c4097ddcfa021331c16dd7e96321d7c5236729be29f74853818ec1484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fffde59525dd5af902ac449748484b15

SHA1
243968c68b819f03d15b48fc92029bf11e21bedc

SHA256
26bc5e85dd325466a27394e860cac7bef264e287e5a75a20ea54eec96abd0762

SHA512
f246854e8ed0f88ca43f89cf497b90383e05ffa107496b4c346f070f6e9bbf1d9dc1bdcc28cad6b5c7810e3ba39f27d549061b3b413a7c0dd49faacae68cd645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7dddd76d350e6b1c2cccffdea8f562b7

SHA1
4262c372760e474c9c42fe17bff0b59c74fdae98

SHA256
fc3f080dd494acfd9488a394506108c5a1b5f6273726fabf20cfd3d3b2489442

SHA512
48aaba143f9e898cfeecfbe8b92ee41507ecf493d9e1a58d12f6efe89907f719bfae3a13c956bc24181b17b9de85df21c3bb455679a0e32c89dba8678a14702b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a3e0bd3c163c470ea1c029edd8c963a

SHA1
213fa8a128b1975caf17b2e48362df677602e710

SHA256
cf41fbf9b784bd8e925375d62b5c57382d65862759a6903e7bb6edcf6024213f

SHA512
c4cf89d9b951fc74aca05cedd246a32e939bb542e5f1e35bef0d833577c89e84c4b3c32b1f8fe82f8dcb0a59a362a0dad7603b1550d41d5446bc2b749a90a083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b02d66ab15e9dcd03c9e60cbb991ba02

SHA1
9a882377d9a8f12bcaf091331b43c4fb36a68b2f

SHA256
ade199c270e04b22a4343938c61b6bdcf0a11229829e018ba80c1f934c088dae

SHA512
64cd30358e462beced6d00b946f3d8801fdc207113756c7f52b1baa62e90a3783dd1b72239674e3db9e194206490f825daf469011c6b83eff2a671cc35440e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fd3b86574206a0f519ebf25004351085

SHA1
11afe657002738a6ba0af138f5106b6b38bc7219

SHA256
69b5e2bf52459a052d1ed8080efb93668ea7d9f90a3de667456009e279238dac

SHA512
1f0b8a744a2135ff469ea6f32a9dc7403476d457dfb7be1ff1488fafd2a035032d246ac0579efb929c10bb3c453f5086b83d284c21857dc1a6fa6811cbaa1095

Download Submit