83187f1551f253b8427c0d5fa6f41a6fdf5bda9329520cd490dd274d035eee3b

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2025, 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_6217ff9ef19810ec58560a5ba5c9ae89.html
Size

72KB
MD5

6217ff9ef19810ec58560a5ba5c9ae89
SHA1

bb0a2dd4990e6fdaccd24fbde52817ab6fd1e70c
SHA256

83187f1551f253b8427c0d5fa6f41a6fdf5bda9329520cd490dd274d035eee3b
SHA512

0e49dcbe455838fd3d13c2e72a1d6251c9076c232e11583cc53c44fbb58683fad410b76d322bedb3ad1988a2d92650b83514665e73c072cada5353ccd16c0fd9
SSDEEP

1536:ZXzGwhEGtlNJQL1s2SZKfA1nO1F4Hsj4sRGQf1detYT6:ZXzGwhEGtlNz2SwfQO1F4Hsj4sfdetYu

Score

6^/10

discovery motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
89	https://jira.ops.aol.com/secure/attachment/688199/failwhale.html	5008	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5008	msedge.exe
5008	msedge.exe
716	msedge.exe
716	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
716	msedge.exe
716	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe
716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 716 wrote to memory of 4444	716	msedge.exe	85
PID 716 wrote to memory of 4444	716	msedge.exe	85
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 636	716	msedge.exe	86
PID 716 wrote to memory of 5008	716	msedge.exe	87
PID 716 wrote to memory of 5008	716	msedge.exe	87
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88
PID 716 wrote to memory of 5016	716	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6217ff9ef19810ec58560a5ba5c9ae89.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc02b46f8,0x7ffbc02b4708,0x7ffbc02b4718
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,8864063862039171380,1716196574744728232,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,8864063862039171380,1716196574744728232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,8864063862039171380,1716196574744728232,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,8864063862039171380,1716196574744728232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,8864063862039171380,1716196574744728232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,8864063862039171380,1716196574744728232,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4260 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5da507c2059b715761792e7106405f0

SHA1
a277fd608467c5a666cf4a4a3e16823b93c6777f

SHA256
8c1d99de087ac5f2e7b2afce66eff36a646bef46800c0c1d7737d6f0df74b7e8

SHA512
01c92729dd8061aa122b116a674c73bb78016f66d2cb8f7fb64907352758a825e87a1e345334386440699d2a6d1e17baccb400c5aee151eb64e64019cbebb870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c6e13dc1762aa873320bed152204f3c

SHA1
38df427d38ca5ce6ce203490a9fb8461c7444e12

SHA256
5c441148843b7c8dbff4c4a72962a532aaf0bdd484d07a03dd9a32fd461b1371

SHA512
133054cb042e11013bfdad1bd11e3407d08cf26a66d0743bea9708d261aa904a1047bb0097b187ecf8436cb6cff3bec28c89e435862cad0e0fa264799556b70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f2056b064ee60f400d0669a184c3879f

SHA1
f5b237eec4d2816d5374034188513d63b1c82c7d

SHA256
49fe58cc98c8754168faf7d5f45a4538e5b6c53ef9388c5715c0cbbd6563c15b

SHA512
524e3d012dd709e2d5af60b6a9df4f66743d7dfd90383ffc716ea9e1c54349fb101165db75ebfbcad0138c9f0c09547365f9f41f53648d82b78d4d7978c13c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a198a6aa02dc008d548bce8844aa0552

SHA1
5e322c5977a9fe148ee480507e26984ee0a37670

SHA256
1d45e852d4e1c0b1c26771f21be224d249f48de69032a7558ddc8eea7f5da53f

SHA512
6fd30d772ba3eb208ed5a0a31216b7392271b010c37d647817354cd3bb1f2027c1bb9b03120123ca6a5898c1788c9d9a69b83df74eb8c8db7251a0d75c6ea166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be130a7636eebe3722659368a347ebee

SHA1
1062584a757ae1e6fc335ba582b25427ac58196a

SHA256
5073b59672e70dc87914ba1a7820e13b7cc6850f70411cc5741d8036e00869f7

SHA512
2d55bfb9ff0aa4d4a9d0059b9843729511162d271c1bd59a4287cd13253e723f2f1ccaf0f06cd14b626131b616b442133776a8aeab9cf86f91169cf2ee66c78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cb50ba67-e2a7-40b4-b7b4-af1414a0aa21.tmp

Filesize
10KB

MD5
34f9a24b35dfd3466e57df71b79a4631

SHA1
efba7a8bb9c42e30decd78264e7a7a6c71170c4e

SHA256
ce27c1f1bfca8d3d315553eced80fbf62491934bf8cc13d833900799a14b12fe

SHA512
213cec3acda0ae2da77a9db0246bed5d6ebbe3ea8a9448b48c69d0951b55d88a3d38f49bf256e26babb00ccab45af0dea485d94f45cf4452bb41d1fc3cfd6b0f

Download Submit