2bad27df476e1bea433b99b054fe51c1ee58ccb2b41b575efc10348b7b59f724

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2025, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_65c4ec7a944178078bafb97c8f91e7b0.html
Size

117KB
MD5

65c4ec7a944178078bafb97c8f91e7b0
SHA1

947461b6f43d45ecd26693a0670dda8d8eadd183
SHA256

2bad27df476e1bea433b99b054fe51c1ee58ccb2b41b575efc10348b7b59f724
SHA512

24ccfe78cf4f40bb6c24f1c244f31d321e5566e3b9212abf9b843e99f62753a57d287e68e4551401642610a26e7ff3699efedf310a40bab02c24ad7633ae211d
SSDEEP

3072:CV6lodohOvLAodohLuePYmzJxCCutM/d74d:C0jwmzJzO

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1632	msedge.exe
1632	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe
1632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1896	1632	msedge.exe	86
PID 1632 wrote to memory of 1896	1632	msedge.exe	86
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 2492	1632	msedge.exe	87
PID 1632 wrote to memory of 1484	1632	msedge.exe	88
PID 1632 wrote to memory of 1484	1632	msedge.exe	88
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89
PID 1632 wrote to memory of 1748	1632	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_65c4ec7a944178078bafb97c8f91e7b0.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc8f5146f8,0x7ffc8f514708,0x7ffc8f514718
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,600930028902970423,9550140504659290894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,600930028902970423,9550140504659290894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,600930028902970423,9550140504659290894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,600930028902970423,9550140504659290894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,600930028902970423,9550140504659290894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,600930028902970423,9550140504659290894,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5131b775848795914147396d64724bbb

SHA1
3c98f2e2f0240ac6f5b534b8da3e7cba180eb2c5

SHA256
a1a373baebb3a26a3605868f13718264cb73107580f131fab643086ef0e7e322

SHA512
c59cabf562ff42a8625122fcbf03652516af7f93ebd8abee8eeadf1efabf29ecc86997d7a612aa39a999784cdd56daedf568539ec3836a10e23ecdab206e25ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
873B

MD5
4f2b52f24a3dd45355858a3f3c9839d6

SHA1
420790d403bd6f774dbe8788d627f6965ac35a4d

SHA256
9a5a5b85c995abecf01eda5177e470a44962a4af3ab64e22d639173d1c2c6ab8

SHA512
9a75c447f82825f54835984f537a3838286803f2a5f805fe0d17be12f4d76f6c489d320b8aea5f8a8d7b85b34197a58339b1c1baab1940808b10333fd4fef3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
904B

MD5
4af03b2c9f419e2f309a32cb96995acc

SHA1
cdd64f0927b3cc1ffcaae3136234ac0d6388af16

SHA256
d8bea9d5362d2bc8af6dea3b3aa9edfbac4eb0081ec864ea6e0159152c2a1b23

SHA512
a1e7c16aa2c095c5c98cecd941358a9e1d3af54d47c449fd4cfd8e3734c68564de522a8e37b77fbfa6a4f19ef43ca971133adf869f65934669aafecc70937711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa9396ca001d918eebf09523a12a2a95

SHA1
be0a63e4d7f2745283550be66e9177b34251bace

SHA256
31d0c4bc7cda38d447cda1943f9551ebbd25be81983691ecffd9b6e6b876fabc

SHA512
ab0b063406d68ec443851a7b5b413003843ebd854f26e33774a97e630afd944e4bea94504f1513628a00f61e016e78a0e5f2bd0077101b983a351d81b0e6471f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5048c0a665fa0625d58f1adbe943fcd7

SHA1
ddc423f45f8e0f741fe47bed7a4df7b9cd7266ce

SHA256
bb3426867917a5101f4c898884721d4b04a01a69e4ed10ef505c3d9e4148f747

SHA512
53b675e5bec138c542952e411df2458ba3955137386c8403e1c3ad3331433ba67715cc9bd04f53519cfdb17cfef8e1a20c5d5089d4a570d5a894336a84b40f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3e72b7716952ec602ccd2086e327c17

SHA1
6d3e0ab9a655ab54fd2d00529f09d885e65a68a4

SHA256
4d0ce41c6b0dae3f80a4dccb41903429d5ae21c17ec6f3ba13ccdb7ee7611586

SHA512
dabb115c5c433eddb6161e755dd0edcef2269225446cca50808a40f8545f661f3e104e7a376760461f222b0f0e6cbc6745ffb0acffe17230eb2fd017302c0d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
cbadef928f2fc6011e6653fb0abb8080

SHA1
e9049f10da10ea47f4b9b17c4f2be0893a78906f

SHA256
9b21a0e1128165f1f0553dad8f7db4d9e0550686a3518df59db388b32a97ad7c

SHA512
99e56d3b3095c92ee1f1807cfcce7603b691da26a6d3ae8437d65818cf37e47bc9389f33f3ed1b31cae5e0b3d7d55bb83cf9a239daace24408354e0629d41e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f491624ef5082b625aecc029bad7ca83

SHA1
ae45acd91171a52393663aab986acfc31bb8e3da

SHA256
946c2104cffee342424512201a1d588f327b8cdcf4975c0cd261a099f4bf2ddc

SHA512
304eedc87dd8ce02ec24a709af6bf19d6866c5b16ad518ae7712331ed13d4bb261732258f17acfd3fe88295d507a329bd42aaf317a6ed2f3afd98ef317fdac69

Download Submit