a515f4662752fd68910f5a39806ec393db7e64fc4cc344b1926679a6004ecfb0

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2025, 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_68c565e950aff61d5813541a6f7db080.html
Size

81KB
MD5

68c565e950aff61d5813541a6f7db080
SHA1

62536f1135bde7134f648515beb866e3dfc088ec
SHA256

a515f4662752fd68910f5a39806ec393db7e64fc4cc344b1926679a6004ecfb0
SHA512

c4774d57b4ca5fd4ce70b3450fcc72daa7a3cc521983fcb9014cad02a37e48bb4df2dff2fa9312cec9db107977938aa564732404c62dd22af9b2e19b8ac46368
SSDEEP

1536:Cjx8m/kj1odoh4XZPodohUeBFCutMKa2Ld:CZM1odoh4XZPodohUeBFCutMKa2Ld

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
372	msedge.exe
372	msedge.exe
3020	msedge.exe
3020	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 652	3020	msedge.exe	85
PID 3020 wrote to memory of 652	3020	msedge.exe	85
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 1884	3020	msedge.exe	86
PID 3020 wrote to memory of 372	3020	msedge.exe	87
PID 3020 wrote to memory of 372	3020	msedge.exe	87
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88
PID 3020 wrote to memory of 3532	3020	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_68c565e950aff61d5813541a6f7db080.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae28e46f8,0x7ffae28e4708,0x7ffae28e4718
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13000459319383333175,3304525296390782952,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13000459319383333175,3304525296390782952,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13000459319383333175,3304525296390782952,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13000459319383333175,3304525296390782952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13000459319383333175,3304525296390782952,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13000459319383333175,3304525296390782952,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6cdd2d2aae57f38e1f6033a490d08b79

SHA1
a54cb1af38c825e74602b18fb1280371c8865871

SHA256
56e7dc53fb8968feac9775fc4e2f5474bab2d10d5f1a5db8037435694062fbff

SHA512
6cf1ccd4bc6ef53d91c64f152e90f2756f34999a9b9036dc3c4423ec33e0dcee840e754d5efac6715411751facbe78acc6229a2c849877589755f7f578ef949a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2b08db3d95297f259f5aabbc4c36579

SHA1
f5160d14e7046d541aee0c51c310b671e199f634

SHA256
a43c97e4f52c27219be115d0d63f8ff38f98fc60f8aab81136e068ba82929869

SHA512
3256d03196afe4fbe81ae359526e686684f5ef8ef03ce500c64a3a8a79c72b779deff71cf64c0ece7d21737ffc67062ec8114c3de5cafd7e8313bb0d08684c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
904B

MD5
a9b87b616780e53abc01656dd9151546

SHA1
c8efae2e1bb860d4be27bc3d7f5845cf49b9439b

SHA256
4e612e2e8763b9ab8e9881e6b7a7b33bed873215e8371cf72d6c97bd189c3f68

SHA512
efb792cffb4903d0c47e9272ea1ba26c512f6516bb745c5a95756c8dd1707e6b2ab67b475a31c2486776ccf8f150b28a26fd175858301562b63b6218f385a46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
873B

MD5
ec6aabae36ec7689a99de9f55d3f7b69

SHA1
65b74ce451d53868f4dd85372cafb15c76de611c

SHA256
61112325a7a1b41d0aea985024aa96e324bf6a528a023eabf705b00e5a7a3f4e

SHA512
b265a2cd35426d81c380394413de817d9ab710ac2bdfc8880a79a145fda83ad9c791e9562b1176ce7ef179347459386d009283aa809b29249aef8cfac9b477fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a62c55f7057a7a2df3d04e3723cd6e3d

SHA1
be997173f63a9d18f3ddc051d1afc0dc18483286

SHA256
ef54594dfe295380046c6fea9dbba31190ac526a0ab601f8cb8b2741f8fc3baf

SHA512
bdf27b5c1053071c36f01f6ff69726553b54eda4a830b0a21afb1fc78174be2efc168cbbdeeb6278f178ce0a3e84f362e68d341c6045b22e6d6e340a290850f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f7bb6c0f8a938bba25d18070855b1ca3

SHA1
b15cd629bbb39bb1ab99004454be90e9b8a69e3d

SHA256
e46c7ee300773f58aedc38b4f48102f63ae29f8b7f63b84a8bcc7f4459957f57

SHA512
c34562513c1c7ad2faf1cb191fc3948ff4f9fda4382c1ab60e70762b809df43414d8db6794a590537d9953d2ec37c3fd0027115924ee54f21020016fe892aa74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
951aacb2f00ab258a91f65a237146c02

SHA1
52d424b064f85c811c3d1d9db3477692a5afc7b0

SHA256
563e68db0eef1d62273dbf1e9608b93de526987ee92f1fb29510a22b54417cab

SHA512
e9406238fa72bbaccb6e6c242edadff36d112c494b3c833e5c3454a47a46f4f8da15724ff3ecbd1a4034b617150728cb9f7859497b9074ceade9fa1e33e90761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a72d886e296353b5c2c1a3048985b064

SHA1
2a091bf841fd87dac457568601c553d47e44ae1e

SHA256
1dbee7ba8e25d9783fbbd67cd1946bc16e8378fc57f53ab9566fae165dd2f067

SHA512
b4600cff8fc1e38705b96e5ce4b7ab3d45a1b17b2033f9c6e803bbe457d62b8731b7c94889c37897dfb16a3daa406861c8e2a0b3a77860a06bfac20ac70b03a9

Download Submit