009d5916fb38c565aa2668ceb35d6f2e8c2abd6c0de3abf11564ab21a29f90b9

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5c6aef976966ec374e8b74c410befba1.html
Size

225KB
MD5

5c6aef976966ec374e8b74c410befba1
SHA1

0ce74892fb0eec08f6e2b94408b96d1825fb27c1
SHA256

009d5916fb38c565aa2668ceb35d6f2e8c2abd6c0de3abf11564ab21a29f90b9
SHA512

cda10d8b183287297e7b628a3212f2a9a25ded570e52e607c39cbd04d676578d879447e9a988a9334dc735b9709935fd18d28d95ce17e85668d2a9e7c291ac35
SSDEEP

3072:Xnw5lKseu3SiodSh5AWcC8mwqARwlq11MOnv8sF6OZ7+3Vy+2ZrNSh/MxY+Kj0Md:XnwPKsbA5SCK

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
21	sites.google.com
22	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1988	msedge.exe
1988	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 3432	1988	msedge.exe	85
PID 1988 wrote to memory of 3432	1988	msedge.exe	85
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 4708	1988	msedge.exe	86
PID 1988 wrote to memory of 1128	1988	msedge.exe	87
PID 1988 wrote to memory of 1128	1988	msedge.exe	87
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88
PID 1988 wrote to memory of 1372	1988	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5c6aef976966ec374e8b74c410befba1.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff944c446f8,0x7ff944c44708,0x7ff944c44718
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17114030991171830091,51761747710105028,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17114030991171830091,51761747710105028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17114030991171830091,51761747710105028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17114030991171830091,51761747710105028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17114030991171830091,51761747710105028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17114030991171830091,51761747710105028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1188 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17114030991171830091,51761747710105028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17114030991171830091,51761747710105028,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17114030991171830091,51761747710105028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6cdd2d2aae57f38e1f6033a490d08b79

SHA1
a54cb1af38c825e74602b18fb1280371c8865871

SHA256
56e7dc53fb8968feac9775fc4e2f5474bab2d10d5f1a5db8037435694062fbff

SHA512
6cf1ccd4bc6ef53d91c64f152e90f2756f34999a9b9036dc3c4423ec33e0dcee840e754d5efac6715411751facbe78acc6229a2c849877589755f7f578ef949a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2b08db3d95297f259f5aabbc4c36579

SHA1
f5160d14e7046d541aee0c51c310b671e199f634

SHA256
a43c97e4f52c27219be115d0d63f8ff38f98fc60f8aab81136e068ba82929869

SHA512
3256d03196afe4fbe81ae359526e686684f5ef8ef03ce500c64a3a8a79c72b779deff71cf64c0ece7d21737ffc67062ec8114c3de5cafd7e8313bb0d08684c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3917c4155b7479314d69e274c3a4f628

SHA1
3581e4a85d8c4c308b05837a1b2e483e14be93d0

SHA256
452bd7fc1769dcd6c4890915dcab3edb871b35a63e15838931d7d7ad5ab04f11

SHA512
ad16700be6e806f59568429b8c6fc40441eb10278853c0877a0ff993b629a648d4c895e93675c5cd377374893517fa826002c92a08871caaa328dd9c74b995a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
812B

MD5
2e229b06cdcf2208775e0efc30afc5db

SHA1
c24412973d538ba220e46cd63acac11915cd62a9

SHA256
473e9bf3a055c7d023841522c72073027012843880b7363012fae45917503f6e

SHA512
860444c41a1c9a230b46e25c234cc03efbddd8dfc4690082bb9df16067cdc69bf2469bd8eac8b3688d4156dc3453770c0126604666ed50d6a8976e0f4d18ee73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b8763158f6351e1c0b81c50ac1cec41e

SHA1
efac03a512e4f7a131ec3ea845598f054d41a3bd

SHA256
4c14167df3380ea84cfb5ccadba7a02268a42737ff01301fb28d27b0ecd88076

SHA512
6949be05392ed99c76f711dc2173d824faa73d3ba26379a93e494e4785a8221664b30dc4663bf278808386a6597d9ed9166e67c6cb046de044ca378d55c6523d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
827246c68f84a403b9262c632bc1b068

SHA1
a5be3286a661307b5e0884c6563520486a49fe6f

SHA256
2ff76ac6eae4b4c69194fad26b4358b4512932899ee79cdfb6dbc0a849938399

SHA512
775540e2a379f76ca5160db902277283f2bcd36e55ff14aa0e46dc7a40fd06cd3dd82c4d2f89a7b0dde02eb3cc9f3c28196879198477c983afda6b47e0bc5ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
321455defd4f87a520dd97d7be52f283

SHA1
d1198db51ecc000b497c041cccb9c298e83fff38

SHA256
8ee378a7fcd319e0370a34ad8839b6200a73ef899a4cdec71634e4d5d758c33b

SHA512
9a5c671926bfdda5dfe6d726319f667d893903f341a967cc8f663b75545164f4039bf597f81f50b32adbb1f20e7c230113861a6edfbb309b21c535d2690e0248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a0a49c7fe00a93c2ee9e77a746c16c08

SHA1
b0c32cd127e96a94f9de96c03cc91129a458676c

SHA256
5bd4dccedfc4785261756f9986b8bd9ef9cb78f094e72146fa2ee1258b710815

SHA512
abb6c1719128101c564c3830413d72bfa5ccf33441d3e4215eef4bb4a45f7aff7841cd171e132b2f88e91c6acb80c1c6f4b1c63ae143f0f20d2fba81fa843600

Download Submit