020fe5cd0a8dd1e5c79e0e678da4733183ff39edc04aecf757e45d194248e2f6

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
04/03/2025, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_4f9c5a254806e5b7e7ed24df13e70f8b.html
Size

53KB
MD5

4f9c5a254806e5b7e7ed24df13e70f8b
SHA1

d6cefce0079584b5bfddfc31a2c58a75be3862df
SHA256

020fe5cd0a8dd1e5c79e0e678da4733183ff39edc04aecf757e45d194248e2f6
SHA512

e11bc5b1725a73ee476172384ef2df4e20988167256294d860348c7020941087a2768b119e547f90bec588746471fdf197b7d7d117ba6d4faf01bf609f9c8791
SSDEEP

1536:iv+N4C8BWKq0ZC5kZ4DjBKiqXx4YbWCwxkTaD:iv+N4C8BWKq0iDjexh5wxI8

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1492	msedge.exe
1492	msedge.exe
4144	msedge.exe
4144	msedge.exe
3680	identity_helper.exe
3680	identity_helper.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 1800	4144	msedge.exe	86
PID 4144 wrote to memory of 1800	4144	msedge.exe	86
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1692	4144	msedge.exe	87
PID 4144 wrote to memory of 1492	4144	msedge.exe	88
PID 4144 wrote to memory of 1492	4144	msedge.exe	88
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89
PID 4144 wrote to memory of 2516	4144	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_4f9c5a254806e5b7e7ed24df13e70f8b.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef7bc46f8,0x7ffef7bc4708,0x7ffef7bc4718
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8375006439534167776,13012116596590468641,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56361f50f0ee63ef0ea7c91d0c8b847a

SHA1
35227c31259df7a652efb6486b2251c4ee4b43fc

SHA256
7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

SHA512
94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0621e31d12b6e16ab28de3e74462a4ce

SHA1
0af6f056aff6edbbc961676656d8045cbe1be12b

SHA256
1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

SHA512
bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\438c3722-1da1-4c73-96eb-38dcd88f029a.tmp

Filesize
6KB

MD5
01b12dc77b42cb2296dd6a384fc3b2f3

SHA1
5461bbc891281272508bbadbfc1964b51260468d

SHA256
b146b24e31c02915fe7a43f2ef7ce56e989d83d14077d89a594f084b1aed29f4

SHA512
85c507e3b2d45f9def332ad3f0cd95fc68c725d31ea2347341f292536229befe66beda2e5c7b234b6141f1bdf7f9ad81f1c8baef557e29af3a3e651c4ef80575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3cc5e9da2754afd36fa45421e267f329

SHA1
8b48b492d9abc861f905806c1405b2ac0f5f31cd

SHA256
846fdb1714e82675708308709e494b97ffe1f93da545c2f1d1fbfc70e1694103

SHA512
30864c13b971dc1518439f69e42c2ac580b57b8fea3f0ca92fcfbf22d9961e14465c99880f410f20aecce45adae443cb7de12f3a2f1de1319d5aae931cf4c8de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2f58b63849ca5244156400c9aae76cb0

SHA1
9a005827a4d4ef6576ed4ac765a96d1261172286

SHA256
344e0243cce833cedfe3ce64f81f6b2a95a4a093ac7c85c1359765800715cf0d

SHA512
40b28a13f1bb91abf11ffe79ae1953647be85b0290e1174128cfb4cb098361ee8138d5a776a891e7abf269998df4b5fd8c461810757b572a91d4c142b294aad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
52a1cbe1e0a2ff4651c92a2aa7afaa33

SHA1
2e54fe1dab8183738cd56abb9167381053950a73

SHA256
d051916a93c72334a764c50be7191e7cceabf20b364c541109e8e8c81e36ecfb

SHA512
4b8f1577d85ed84350dd36721cd4398b1c3c60e28f4d4dd1d183a48f24350af0fa33afc3cee2383588ef8256ba75f7252d3940cdf3ff481d90740c1a9c7e1d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52d65ccc082fd43140943eea30c7ac31

SHA1
efd01512895471e74988416a98435ca692f02fb5

SHA256
8ba890a5d757faaa4d71c48a4c027cf0f5dd79f97e50e5fb39a28baa9e93a9eb

SHA512
363b2aa01e08d6e6dc9b289b1e9396bb6f42ed0a494f76e93c4f5969fbc9b2a64ff9943bcfe1070c699f60e04f33ff85f96598aa11bbc25476586102c2b90e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a20ae3cd114c5ffe28d20eff1fa693a8

SHA1
a783cd7039ca0823ec35b7cef904510913503dc1

SHA256
556a4904d072aee343d4a6ff9d14f4e08ca5dd21b180b6cb319577ad62e47a1a

SHA512
9689b889d76adcd26c60d1f040f53ce67c4aa3fc64b238a012724f906289dd35ae21d4f7aa53a5004ce6906372f9e254d77707a1c101e840accc462ab38f5ca8

Download Submit