dcdefb2ddc542c7d0d41f0cd684aec970b5769d9b3da7ee0ad69e907a3b45a7b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_5ea0da32fc24b454b7f66942ae5bce3d.html
Size

211KB
MD5

5ea0da32fc24b454b7f66942ae5bce3d
SHA1

8a9bb2c09a82898c6db58e86b47d3d757ccc84b4
SHA256

dcdefb2ddc542c7d0d41f0cd684aec970b5769d9b3da7ee0ad69e907a3b45a7b
SHA512

e374e614bc5a47198cf5274079e15d53d95f77806139929a10f13653f88975898b1c94e64ebfd4ea3392406a0bbb3eb17312d6b47c52578222ee0ad05866d1c7
SSDEEP

3072:orsHoddhORlw3urMRyA1DaLAZr+5/xTd5Wbb45RAU4cG5GRbmI6eMXJA/PGcxsZJ:rnrMDDaL1v0svI

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
22	sites.google.com
28	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
1344	msedge.exe
1344	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe
836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4436	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe
1344	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 4524	1344	msedge.exe	85
PID 1344 wrote to memory of 4524	1344	msedge.exe	85
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 4180	1344	msedge.exe	86
PID 1344 wrote to memory of 1604	1344	msedge.exe	87
PID 1344 wrote to memory of 1604	1344	msedge.exe	87
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88
PID 1344 wrote to memory of 1652	1344	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_5ea0da32fc24b454b7f66942ae5bce3d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff32aa46f8,0x7fff32aa4708,0x7fff32aa4718
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9075315100769808844,14986949865624019918,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
395082c6d7ec10a326236e60b79602f2

SHA1
203db9756fc9f65a0181ac49bca7f0e7e4edfb5b

SHA256
b9ea226a0a67039df83a9652b42bb7b0cc2e6fa827d55d043bc36dd9d8e4cd25

SHA512
7095c260b87a0e31ddfc5ddf5730848433dcede2672ca71091efb8c6b1b0fc3333d0540c3ce41087702c99bca22a4548f12692234188e6f457c2f75ab12316bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e27df0383d108b2d6cd975d1b42b1afe

SHA1
c216daa71094da3ffa15c787c41b0bc7b32ed40b

SHA256
812f547f1e22a4bd045b73ff548025fabd59c6cba0da6991fdd8cfcb32653855

SHA512
471935e26a55d26449e48d4c38933ab8c369a92d8f24fd6077131247e8d116d95aa110dd424fa6095176a6c763a6271e978766e74d8022e9cdcc11e6355408ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0d1751d8-c49c-4511-92e2-ff8e87b082b8.tmp

Filesize
1KB

MD5
54cb56881248a61c06748e5435a14641

SHA1
f4928ae961189e75882981eecfac71b43144b952

SHA256
03e2e67b91db962aa553a527876ba40d097c62a2f60fd1c0fbe9e2cba23a5403

SHA512
b843d1ec3d081b58bb3dacd41de3f390534b185591c39c36f8db45bd39fa5c4939fb3b4aeb8cf313b74bd835d95549c29a75e7b88a14ab614927d51fb999ae22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
3d654b2d99cf12f7649c46ad03742f8d

SHA1
ee21a954851b9521c209d6b781a6a7ca102592a7

SHA256
2895f74daa234a3a359ec6df947424e1264b66be96fe377b094a78c8c0553923

SHA512
d0c3769b67fc5a666b3733e2b5f0903215f3aee454eb32e82999f67625ca4c4d13423b2ed5d3204ff10538bd4a0b88979e03ba084e89d8d9525ac5bee417b78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
befce1e4d4c50a5063416af70704ca73

SHA1
0db5623563b10f0e601e7c9bf5fbb62f6a9a7afe

SHA256
81b6f138db274ed6905c9c673c7dfffc760fabc919987fbb4b22c1bd67a5ba7f

SHA512
5f53f0ede3cb5f868e5d851a323454363315f9144ec282c18963d40fa3ffadd99bb89179f3be816ca6f319aa995467b0d46457cec8a14a039f81d9fea49e6407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dfd0b67c1bbee2ceb2566a14e092446b

SHA1
c25e9b3a4fb36c961b572c3c9acc72cc31efda30

SHA256
7b021ca37eaa7bef5a6fe630ebc9a646fe03d3899d5e1dd7adbd119cb8c6cd33

SHA512
e7728d5020a49c9bb69023aa94ba3f61d73934a553628c3594eec1e16182c5fcf96f953f0470ace8779af27a54252d2ef5b52c3b22cf44e17f93884d330b3644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
415c7f6bf1d46361eea046c83177877b

SHA1
316b39a240c284718007b0adcb2e6eeddb84294f

SHA256
2fe529c6cab1a4a27013694fe39ecbb5404c0b645222afbc175537b1021c5205

SHA512
c362ac5a086d599e97b7fc84e17f5b90f2bffd035efaff10d95bccac797a8a360c69883e1541a6f2a8a3d2dd67cb09eb527ca2c7a109e2f958c69bc312be0342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
025ca319de26b5cb258e4878bf91e6f7

SHA1
bb4a38c31393a9220d8773754577db7f7dd0e5c0

SHA256
290239e64ae197092e02846eea0b0e0e6cb849f6ad89ee3050d7283bb2208c1a

SHA512
e7f1a7ba9fa671accc4940fd0c7ff73b7c2ca4dc30fdb45d3091a3d92ffb480eff060541e38a16018b72f2d06a94eb7d2d765c512f69cfa59c976f66b41965a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5911e8.TMP

Filesize
204B

MD5
d0ee5b24f21e1284235847a27b49fc4d

SHA1
740b6a3d24350b70520896b65f497b14bf64bbfa

SHA256
d7287523c3a871f583a9b8a797e81aa173a7d374533fe02880d81edcf552af2f

SHA512
fd09c2af307c029a505a269ffce616bdfb8f29b08a76d2f23af00dfa4a0008768cce9d8dca1f94fe86298af639dd894a8fe8fc6cd53436d25d44f44a1e45f7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
37e95f94f0ee0fad16ba0dc1d58f913c

SHA1
05d1c9f539f0acc65e0c4ac8db7e477482d452a2

SHA256
8e9d8b686718c005aeb52ce389a987ebe62a245261d3d8f3e2cf166e6840ad8a

SHA512
dec8bc26ef164da8f532cb4e4ede83dffdf7eae3e5ec33998bd7e928d2febd08600080ba9db4581e77182df51e6ccec15efbca6030b64be7cfd8c46751f16485

Download Submit