7bb27c591572c2be367cbde1489c6e5d39c11ea641a3acde4554c2ca89ed4098

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2025, 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_56328a0a2864215a391623d8081b38a2.html
Size

117KB
MD5

56328a0a2864215a391623d8081b38a2
SHA1

faa1eab42c9a61ed83dbc5bdcf99a5ebeee7520a
SHA256

7bb27c591572c2be367cbde1489c6e5d39c11ea641a3acde4554c2ca89ed4098
SHA512

b400539cad1e8bceee71d07bfc778cb3ceb62c55690f3deb23d78d31f89d8e9a8a70da18243039427fefba4f526afa06af364d0fd72523545218f2c35f555981
SSDEEP

3072:JUcjvG8rMdcXmNRSUfL9u4bar+0MP6SzXjtkjM:TrXmNRqM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
1956	msedge.exe
1956	msedge.exe
2616	identity_helper.exe
2616	identity_helper.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe
4248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1884	1956	msedge.exe	84
PID 1956 wrote to memory of 1884	1956	msedge.exe	84
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 4592	1956	msedge.exe	85
PID 1956 wrote to memory of 1272	1956	msedge.exe	86
PID 1956 wrote to memory of 1272	1956	msedge.exe	86
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87
PID 1956 wrote to memory of 2780	1956	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_56328a0a2864215a391623d8081b38a2.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc7d946f8,0x7fffc7d94708,0x7fffc7d94718
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,17010988066153332009,318886906751852776,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
010f6dd77f14afcb78185650052a120d

SHA1
76139f0141fa930b6460f3ca6f00671b4627dc98

SHA256
80321891fd7f7c02dd4be4e5be09f8e57d49e076c750f8deb300be8f600de2d7

SHA512
6e6c9e348e948b946cfb97478698423e1272c4417bc8540e5daa64858e28be8fda5baf28538aee849f8bb409c17a51c60e48a3f1793e3a86cb27edeb32aa30a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f09c5037ff47e75546f2997642cac037

SHA1
63d599921be61b598ef4605a837bb8422222bef2

SHA256
ba61197fff5ed487084790b869045ab41830bdf6db815503e8e064dd4e4df662

SHA512
280bff6eac4b2b4fe515696223f61531f6b507c4c863ad9eef5ab0b1d65d264eba74fb7c9314b6920922142b8ab7605792211fca11a9a9ef0fc2ae995bf4f473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
ddaec4de4a7251a4787b8796c694eec5

SHA1
e392371871797a7faa3675d66e2b97c6d65e2947

SHA256
66d31c4c8e0b2fc5ec764ec4550eb8ccfe51fcc61f0cb8c94ddf6077eddc496c

SHA512
0faad800f1c3e5e1fe459d5dc83719f7d855def0c0adea279122e8229ea120a62491b3986b97e00416c1c0813e28103dafc5a81f3b3f31435319f219dc85045b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4f0fb032eef2d07951421296515580e0

SHA1
5ce2a8769850dd78bf1076d47d23bb6f2c71abb1

SHA256
2739178126fb66eaf50406787355501dd864b45ba3eaa5a93a087f07396d1eb1

SHA512
d961226f75da835d4428485262f450b1e95d289c389a427dcaeb4fb5faec80a362d64558c61879926051081b8c7ae400b76d69609e64bcdf1f37ae3dca17eaea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21dd8f68af74b68e8391686740eb2f13

SHA1
4fbd960aa851d357839952a1837521c6ebb64663

SHA256
869a326f0b539bfd7196c26bb537f38530cbba03ac418b21dd0a3afee86e3a95

SHA512
91a0a386d23ea6a41a030ba3340ceb99e100b14a64e1f82c2baa88431959cf66ef5bb293d6521274f950020398eab064fd61192ab3294560f66b8639597365a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a5afbf7bceafcb306970b35596ebf57

SHA1
135ab5d6ea52e952d8e3b528a5d84ff37b430d41

SHA256
2d74c72dff91112da1f8bc9e2334509551f05edf5848057b8fb6d23eee4c3747

SHA512
4bd1ae04709b1c5c716726df22b83ceabd36f1dccf6dd1c0164d87fcf07218b49add340d4d4a67c67f25f3844abed67db5391a28df4cfbc79bf5cda65d69794b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8c0d94f6170ffc186fd5e064c4d7cc22

SHA1
f515bbe057374780156dfde411625eddf3e648ec

SHA256
bd81e97e7bd88dffd81db1a964e24b0484cf2ed00f668f6a858e79bd3b4f017b

SHA512
bf18942183ef001a53e212e55a809e654b1ca2182c7d07c0e7ba5d6d33c617a753919119466617373293f50f6fe99a09981c29c25b906025e72f5546b0259ff5

Download Submit