0efd88e5621ac0e4b304b7c4d069132fac1de64e831cbfbb475c7000fc418504

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_6168fad5552454d439c21a8c0846f5f5.html
Size

135KB
MD5

6168fad5552454d439c21a8c0846f5f5
SHA1

40902705b9ff8080d8bfcd5346dc5f7accf6180d
SHA256

0efd88e5621ac0e4b304b7c4d069132fac1de64e831cbfbb475c7000fc418504
SHA512

4abb0c12ddad9afd8c117ddbd8bc9f60856d9734cc60ef99a38195a9eba74915429f94916eadfcbd0036ed481dce9b74284e8b6cdff1a04d5d10fe45d7c636d9
SSDEEP

3072:Cu+lodohCvVcodohjR558zfTvICutMC/7td:CRv6zj0X

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1684	msedge.exe
1684	msedge.exe
4976	msedge.exe
4976	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe
4156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 3640	4976	msedge.exe	88
PID 4976 wrote to memory of 3640	4976	msedge.exe	88
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 4436	4976	msedge.exe	89
PID 4976 wrote to memory of 1684	4976	msedge.exe	90
PID 4976 wrote to memory of 1684	4976	msedge.exe	90
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91
PID 4976 wrote to memory of 440	4976	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6168fad5552454d439c21a8c0846f5f5.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9deea46f8,0x7ff9deea4708,0x7ff9deea4718
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8108303332268148716,8955939920222279560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8108303332268148716,8955939920222279560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8108303332268148716,8955939920222279560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8108303332268148716,8955939920222279560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8108303332268148716,8955939920222279560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8108303332268148716,8955939920222279560,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab283f88362e9716dd5c324319272528

SHA1
84cebc7951a84d497b2c1017095c2c572e3648c4

SHA256
61e4aa4614e645255c6db977ea7da1c7997f9676d8b8c3aaab616710d9186ab2

SHA512
66dff3b6c654c91b05f92b7661985391f29763cf757cc4b869bce5d1047af9fb29bbe37c4097ddcfa021331c16dd7e96321d7c5236729be29f74853818ec1484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fffde59525dd5af902ac449748484b15

SHA1
243968c68b819f03d15b48fc92029bf11e21bedc

SHA256
26bc5e85dd325466a27394e860cac7bef264e287e5a75a20ea54eec96abd0762

SHA512
f246854e8ed0f88ca43f89cf497b90383e05ffa107496b4c346f070f6e9bbf1d9dc1bdcc28cad6b5c7810e3ba39f27d549061b3b413a7c0dd49faacae68cd645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
904B

MD5
bd62f9b9010fb2307f7587d03408863b

SHA1
4b2c759768afa33d9c5911e37d5b81c11260ed85

SHA256
170f5f01dbf4e5eabc48ded028e6e00441e140a7c63f6915d7fbb8ca11be7bd6

SHA512
d9ddb99c43c1c716be3e64538a5466e4aa5985469148d59d931199c2c964117f39b4c360a997d65a903a52764dcc0e98eb4df71e04ac622dfc561b13a1683d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
873B

MD5
35cfebb0585690d44598d8dd67c1222f

SHA1
8b87c392d58f606e828dd5011830590459a31f79

SHA256
189e224c04fe44afcecd782bb184b91adacfec7db0d1c17b7482f108cc98fc52

SHA512
165d8ecf567c3581c2d574c8b5a9b8746538c8b7d930fe52d99c680de65750949978fbbee807be0adaf9d17197492cd26dbd4e5b763d88fba3a7f22e90acf960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
455086feadcbafa511a870e5d4e4cf7b

SHA1
ec27dbc0fb6e72371128420971ca8588395a2c05

SHA256
6de8a8d35be5fdad57aacbe5e73de460ab97d533ce0b69ab0b4432b7dc70fe2a

SHA512
aa4c69b132aff09bac3effc11128e105ab5238f2e99dea643ed58def296c4a0f2967096f78c3807e79712ecb91b631db64fcb5324a6e2df26f3bbb57207d0313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
542910b9381d9f9878453f985186d457

SHA1
460b7548be0bb65aac4a5a76dc4987d5f2c7a02d

SHA256
00afca9abb15c246a1df2dd6d9a7498956839c4d688692ce25ecb8ce035b51f6

SHA512
bdea32b3dcfae1adf46b94b26fcaaa3598d52b8bd0233fa2975544963a8a447bc2390966bce253144d25da472dc223ed3b49ea1ebf5a1414030de13e632c82d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bf61814606426f7137c22ccb229c679

SHA1
e9c92524270742bcaa46311a41b52090ac50e811

SHA256
869e836586d44b01ca2df1e7adaeee05f3ca1953d7a9c807d4723da1645551cf

SHA512
f084e509ac4dc0d62e3a03357c623ebf7375e22acf02da239e843a67944ba9df8cb9ba7868cc5e21f6976afdf3193971bf336f320f21597c43692e75620c6461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2883f10c082b30e8c71411e8dd07d149

SHA1
fb02f98c5f28ba7246eef8b4a40aa2c86eba8b8d

SHA256
b3a00e63338ef41c7c7d034c05ae9012d506fc8ab638a9cd8a699fb20e7d4531

SHA512
de8ff3f8c20c0f8ee11e0d118d8b25a05670d675942dd0b8ecf46695414de8d564e0d958a51121cdb8413870b7e90ce00bda6093ef8b2d46a745d8eeb0efcfb7

Download Submit