49a00b23bcf200f69a2e1b72ec86358e94f13bb50c439d86767396b61c4a8408

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2025, 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_56d49b06c856609b154bc395759c10f0.html
Size

106KB
MD5

56d49b06c856609b154bc395759c10f0
SHA1

4e624d5d06554ece977321b2e5c12622aae06521
SHA256

49a00b23bcf200f69a2e1b72ec86358e94f13bb50c439d86767396b61c4a8408
SHA512

ecad9e78fc5aa5cb4ac5e2154e9ad3d4ef4652503a084cbd1b64c74893ca52854a01070337caf581ae43265810d563563bf6e6873da5e9b1ba366c6ba9b3f87e
SSDEEP

3072:CVG1odKh4XkPodKhdvym2d2lCt+b/yJCDtMyriBd:Coym2d2lCt+b/yM2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2812	msedge.exe
2812	msedge.exe
3860	msedge.exe
3860	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe
2880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe
3860	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 652	3860	msedge.exe	84
PID 3860 wrote to memory of 652	3860	msedge.exe	84
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 4984	3860	msedge.exe	87
PID 3860 wrote to memory of 2812	3860	msedge.exe	88
PID 3860 wrote to memory of 2812	3860	msedge.exe	88
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89
PID 3860 wrote to memory of 4100	3860	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_56d49b06c856609b154bc395759c10f0.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4b7b46f8,0x7fff4b7b4708,0x7fff4b7b4718
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,12683987278526900602,5461446810051937686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,12683987278526900602,5461446810051937686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,12683987278526900602,5461446810051937686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12683987278526900602,5461446810051937686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12683987278526900602,5461446810051937686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12683987278526900602,5461446810051937686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12683987278526900602,5461446810051937686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,12683987278526900602,5461446810051937686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5792 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
395082c6d7ec10a326236e60b79602f2

SHA1
203db9756fc9f65a0181ac49bca7f0e7e4edfb5b

SHA256
b9ea226a0a67039df83a9652b42bb7b0cc2e6fa827d55d043bc36dd9d8e4cd25

SHA512
7095c260b87a0e31ddfc5ddf5730848433dcede2672ca71091efb8c6b1b0fc3333d0540c3ce41087702c99bca22a4548f12692234188e6f457c2f75ab12316bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e27df0383d108b2d6cd975d1b42b1afe

SHA1
c216daa71094da3ffa15c787c41b0bc7b32ed40b

SHA256
812f547f1e22a4bd045b73ff548025fabd59c6cba0da6991fdd8cfcb32653855

SHA512
471935e26a55d26449e48d4c38933ab8c369a92d8f24fd6077131247e8d116d95aa110dd424fa6095176a6c763a6271e978766e74d8022e9cdcc11e6355408ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
977B

MD5
f16e90bc91a3cdf1e76c4d1b2e7559eb

SHA1
1499c2b953cbfb2fbfd5bf5c16713a9652b3ac19

SHA256
952b8c73a6d558af07b3650330b30435fb7a47e5370f77b55ef4b9fb48169ad0

SHA512
f35140701dc99beaf9b06136d265660f0b99949d7c78a2bc4b2f121f8223ca872155ff6249eafd97fb0ce0012100d03291d5d822c5d2cd27f49512db2475c752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
946B

MD5
cd07aa56591ecc6b5357f76df4673395

SHA1
63ebf236f03471bcb1c7e60e9157d60c2a94c729

SHA256
6e89c037b06be11ae1c543324840688d0b559aec7c5d8018fccacb881001d843

SHA512
1799a0dece2397952ffa7235a3eea3066f6c4fe2c1fbf9882a660be0a139f927be808ee3b6fc6eb5389df88cb1b4ba5de4334e8d9fcd711136c2f43d872e43a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2aa73eec9b7715116db62793fc746013

SHA1
762364ba98853ef24c6eadff7bcf987042a259ca

SHA256
3e3cd7f9b489411ac95a4971c601a0ff8dfa4a5eb8bcfab736323c4b437351a9

SHA512
dd160b6eda858dd911c305edb19a5315718d215a25bfd0f17d5378bec689660f7b760cdaadad132e1634d26e9aaed4324056b20fc443e9f7d922a7521defb81a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
62feb4b81bfc70f8796c4e0674e87052

SHA1
8924aac066b5bc14f4a448ff09f39832e4c3bd59

SHA256
96ed0465d1364362fe11fd7d29b9b31ec663712e5fda156bdf973cac99680d8d

SHA512
566ade4ab56cfbf4a2b2626f293f17f025e2509d934a94064f0d99d1a82eee3a043152f2ae3566488477e2ef32af91b79b7afc26c5d154051556599478752803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
be0681160dc8cc72307047e8a434452e

SHA1
c103fe436aa2308341d0bfd16127af59e21945a1

SHA256
314b2f5a0092e09c86ea6ac76c55aae96c89b0bd8a9195d4388eb3530e3e3f3d

SHA512
3278cd42ad18980750a77072ed85b645de4b4529bfa42d698b34b79a3d3ec76253271529fc7e3bfb9aaa8bc6d669879fd0aa10e76765e3f4b3b6686733fd4f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b8bb3da7520eb3cd643c9466263d4df8

SHA1
c81050aa386dc465936741540c6816f298acfa30

SHA256
523250852b956d7a429e17359fbaff72c69581064eb6a1ee438d30af10621119

SHA512
c04c5d874f0b76acb5317dd4f8853152c88888171513fd8e31d0bbe4e371982c335543ec84a7f37699b5de230ada3b08f695a48acefe2ee5f54fcb1fe8c6cfa6

Download Submit