a030d67e4f661a4c48dd3371f465a6ec78a1dbef40de112a0d5d10e6acd06ae2

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2025, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5650f02da5142b779a957d3e69979dad.html
Size

225KB
MD5

5650f02da5142b779a957d3e69979dad
SHA1

8c5de0fcbac847c70be682d54d4ac58190992409
SHA256

a030d67e4f661a4c48dd3371f465a6ec78a1dbef40de112a0d5d10e6acd06ae2
SHA512

fb3e0aa190b3c5b036148f9e6782dcdf2250f279b39093d16d884c7b452f8bb3c640c01ce57dbfa4f665bccb67e6cb4beb0e59945fe1600184d59336d108d687
SSDEEP

3072:Wnw5lKseu3SfodchbnpZKmwqARwlq11MOnv8sF6OZ7+3Vy+2ZrNSh/MxY+Kj0My4:WnwPKsUqSeK

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
25	sites.google.com
26	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
3976	msedge.exe
3976	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 5184	3976	msedge.exe	88
PID 3976 wrote to memory of 5184	3976	msedge.exe	88
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 4152	3976	msedge.exe	89
PID 3976 wrote to memory of 1876	3976	msedge.exe	90
PID 3976 wrote to memory of 1876	3976	msedge.exe	90
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91
PID 3976 wrote to memory of 2352	3976	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5650f02da5142b779a957d3e69979dad.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd137046f8,0x7ffd13704708,0x7ffd13704718
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2922401766901532627,2135314654491822203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,2922401766901532627,2135314654491822203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,2922401766901532627,2135314654491822203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2922401766901532627,2135314654491822203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2922401766901532627,2135314654491822203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2922401766901532627,2135314654491822203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2922401766901532627,2135314654491822203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2922401766901532627,2135314654491822203,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2922401766901532627,2135314654491822203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:3984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab283f88362e9716dd5c324319272528

SHA1
84cebc7951a84d497b2c1017095c2c572e3648c4

SHA256
61e4aa4614e645255c6db977ea7da1c7997f9676d8b8c3aaab616710d9186ab2

SHA512
66dff3b6c654c91b05f92b7661985391f29763cf757cc4b869bce5d1047af9fb29bbe37c4097ddcfa021331c16dd7e96321d7c5236729be29f74853818ec1484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fffde59525dd5af902ac449748484b15

SHA1
243968c68b819f03d15b48fc92029bf11e21bedc

SHA256
26bc5e85dd325466a27394e860cac7bef264e287e5a75a20ea54eec96abd0762

SHA512
f246854e8ed0f88ca43f89cf497b90383e05ffa107496b4c346f070f6e9bbf1d9dc1bdcc28cad6b5c7810e3ba39f27d549061b3b413a7c0dd49faacae68cd645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
812B

MD5
79b216cb128c198a9ca963dabe2c8561

SHA1
df63781dc03a15d42fd48dae8982a7fbfaa580c9

SHA256
5243f98c1ebb0ca745fce533aa71f3d98a442d9f8cd5accc87c8625214a15716

SHA512
b3f14c65a42e5614594cbc76d77725a88869e9781fea5949f212707aefa83fd5022b9727b77dcb7fb190c4c9462a880f0bd62aa329ffa84af1f4d7203a2e6101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
487eb1755640a79e08783e30a2460683

SHA1
f8eb223958e0c3089efbc9e77c6631f966f98da4

SHA256
5cd518f9c2259f56017343c79835347fc99369ce01530feec493b84dd39d58c5

SHA512
a5572d1d36e6d15937c921dcd703001ad0fa7748b55f4d8ab4bfc89bd28d5db3402dc838e12651add1884f995ccc7d039fe71286104c534aa20fb6d2c575c68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c546f0edf4423d5a2cc2ab9bc9868d4e

SHA1
cb14ab62251743094250079dd302663c485a9b40

SHA256
608f504f7e9f9280e356097ddadbb3471565fef7aec8ae23b7bd8f5b32f0df00

SHA512
bd72e70bc6054768ae922256fa2bc9506129a86f6348e5f80f18ec1fe761e55eae1f3143e706aec0195dc6b0cbd7226be8f6377ceb67767efb8931b55e76da98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e04943cfeb9e52bfa86a9d9eb10b1f00

SHA1
cfdfd1af791f8149013597518e6a6dc430172f5b

SHA256
0a78bc5126be001f6e75f7974c97785674ddda57fa649c64d3ea0a98839838a9

SHA512
a446237596e0cda253368dab78f30d8cd228e318916f132f60544538215a167f682fa44e36cbc6f9041c347e43e4673ebf2f82751c3275d25d83c29be1cc8566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
df5df3db034b7d39e20cdfdf1d99e3db

SHA1
555762779762f1beb74f5c80ecc392ea4b39e705

SHA256
d5892f066ed92b17ac28a3d1bbe18a111047f7f01c40da9fdee7f15e10b1cdab

SHA512
87b1a4f7eca315a00f297fdf927c6863c5d337a69b5e63452794262e14826ea48978eeded640a35631c2b0c4b7f315e787ea087fe5ce8bc39a5ffc1e5213cac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f7451636-9ef9-4b02-9bd5-87ed813e4790.tmp

Filesize
10KB

MD5
84fb4e59d7b0cbb6ed108d985be33422

SHA1
ea8947c71d4a3bd66106fa71ec9d1a5c1596269b

SHA256
1ac5160f57477833fbf540ae8ee327e05b22079f8ee721336aeadd07c9f1e22f

SHA512
f518908e49fa8e4f5319ca3d552625708ded94db1282df5e6fa655f7ebe1b8bfffec5b2ca4db964a0f563d39ca8f63c31415202d35a67c86c80a13150cb8463f

Download Submit