92a11dbf6bb8c7452b206a1509852badda1fb2e9d369bb2be4aaad9e6746949d

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 09:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5e619b982aa1673e43b723033d503f22.html
Size

66KB
MD5

5e619b982aa1673e43b723033d503f22
SHA1

a4e688d907740f7acf4e2f4bfa35904747ed43fb
SHA256

92a11dbf6bb8c7452b206a1509852badda1fb2e9d369bb2be4aaad9e6746949d
SHA512

f714a6bbf953a196ce009dfdeeea0661f4bb72afc1a3a5651b9246cf4c97fbcd72fdddf604b979114e3bcab21d816f9b46bea49c5dfffdf47a77d366fb27418f
SSDEEP

1536:ZYzGwhEGtlNJQL1s2STKIzLR7p4Hsj4sRGQf1detHW6:ZYzGwhEGtlNz2SmIR7p4Hsj4sfdetHW6

Score

6^/10

discovery motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
98	https://jira.ops.aol.com/secure/attachment/688199/failwhale.html	3516	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
1944	msedge.exe
1944	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe
1944	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 1496	1944	msedge.exe	83
PID 1944 wrote to memory of 1496	1944	msedge.exe	83
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 4280	1944	msedge.exe	84
PID 1944 wrote to memory of 3516	1944	msedge.exe	85
PID 1944 wrote to memory of 3516	1944	msedge.exe	85
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86
PID 1944 wrote to memory of 464	1944	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5e619b982aa1673e43b723033d503f22.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fffb09046f8,0x7fffb0904708,0x7fffb0904718
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17144642591362357062,17288486646855707082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17144642591362357062,17288486646855707082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17144642591362357062,17288486646855707082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17144642591362357062,17288486646855707082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17144642591362357062,17288486646855707082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17144642591362357062,17288486646855707082,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
25f87986bcd72dd045d9b8618fb48592

SHA1
c2d9b4ec955b8840027ff6fd6c1f636578fef7b5

SHA256
d8b542281740c12609279f2549f85d3c94e6e49a3a2a4b9698c93cca2dce486c

SHA512
0c8a0d1a3b0d4b30773b8519a3d6e63d92973733da818ca9838599a9639e18df18ce31ebf56f46f6bbb7d89d10c726f4d73781e154d115a6068a3be7dd12b314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94bd9c36e88be77b106069e32ac8d934

SHA1
32bd157b84cde4eaf93360112d707056fc5b0b86

SHA256
8f49a43a08e2984636b172a777d5b3880e6e82ad25b427fef3f05b7b4f5c5b27

SHA512
7d4933fae6a279cc330fde4ae9425f66478c166684a30cec9c5c3f295289cf83cbdf604b8958f6db64b0a4b1566db102fbcbdcdb6eca008d86d9a9c8b252ff16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
db80bc5c39ab190bded1935c31634c9a

SHA1
6171444d102b6e0f790596267fbbe9659281d49f

SHA256
2f6023d8bafdccb17d0842001f86f43428bc2c852713f3801b025cf394f8082b

SHA512
356823ca29a8b806e3e19a0798b3e81607299b87fcafcbbb3071aca9982bb1171fbd389904cf602a553e8a4f2ee5a3159ef7829abf47bb9a5e09ed3cc0b1ec1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9c794bbfa89c1a2223d1dfe15a583166

SHA1
31d1c163f2f6e4470966870e8812c16c29cbf9aa

SHA256
4c0fea8113f3db86bf08f47a1b436cd5296995daaa2cbfe02fa025fce98d76ae

SHA512
04108898750332eeeb2a31aebab43ad8d4e10a519077d7e0e4390448982b06cc8d306e0416e0e7f56987611505237d34ecd37d1733cd7151ad3bf3be1fa3d77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
779df54365d770df1a745b7b04edb04b

SHA1
7f5fdde6c2f578400b1f804bdf15f448873d8350

SHA256
d2fb11fb0514ed7a6a093af2034d1d7c2e75dd0e5a33fb05c918352faf51574f

SHA512
7fc5014ef44481119f29245ed2ec8e3a00486111ffd0bf67ba2ed2e4a393d2c315915ebd2ee2aedb6ff4f30cc0e44c69e5fb441bacc4a527827f8f71126c5ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
45920d48eecd5fcd41350813fd50350c

SHA1
1083af3823a920c7e202a1af60087f411ecffe6d

SHA256
d42b3d33953ddd0cf000ba4a7cd86dfb9225977cc7cb654226f3ad2d1f65dda8

SHA512
9ce93e4d0ad5f18c578a1c2b9112c0a561e83b49af24b22a87d1af1173bf309a8b3f9b0361ab5047457e244121cc89451441b86a26c13bda7a4c1358f84dc43f

Download Submit