9fb37f4ea64e084c6e8757058426530e129f19bc68571e497d7868cb1f7f1201

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2025, 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_6986ad8b83f66e359dd6c8beb758549d.html
Size

135KB
MD5

6986ad8b83f66e359dd6c8beb758549d
SHA1

cbfe9bda2822e883b1ba8baf79a196b27f7066a1
SHA256

9fb37f4ea64e084c6e8757058426530e129f19bc68571e497d7868cb1f7f1201
SHA512

0c560a824992f5ed9fefa9e8f76ed6fdb60a4bc47f208f41321dd4e68e59a5e4cfb12c6f79a94345958571b8306a64e0ce41f5bfb967878896ec6793eb43708f
SSDEEP

3072:+mHod7hgp/1mmthNrDO7RWZy0t8aNrRiBd827MOod7hu19pUWxHfod7hI5tMQfwz:D1mmthNrDO7RWZy0t8aNrRiBd82RBVg

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
27	sites.google.com
29	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
2680	msedge.exe
2680	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe
2116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4652	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4652	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 232	2680	msedge.exe	85
PID 2680 wrote to memory of 232	2680	msedge.exe	85
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4528	2680	msedge.exe	86
PID 2680 wrote to memory of 4604	2680	msedge.exe	87
PID 2680 wrote to memory of 4604	2680	msedge.exe	87
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88
PID 2680 wrote to memory of 1272	2680	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_6986ad8b83f66e359dd6c8beb758549d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad04f46f8,0x7ffad04f4708,0x7ffad04f4718
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10936915161931695816,9526234953489846429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6584 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6cdd2d2aae57f38e1f6033a490d08b79

SHA1
a54cb1af38c825e74602b18fb1280371c8865871

SHA256
56e7dc53fb8968feac9775fc4e2f5474bab2d10d5f1a5db8037435694062fbff

SHA512
6cf1ccd4bc6ef53d91c64f152e90f2756f34999a9b9036dc3c4423ec33e0dcee840e754d5efac6715411751facbe78acc6229a2c849877589755f7f578ef949a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2b08db3d95297f259f5aabbc4c36579

SHA1
f5160d14e7046d541aee0c51c310b671e199f634

SHA256
a43c97e4f52c27219be115d0d63f8ff38f98fc60f8aab81136e068ba82929869

SHA512
3256d03196afe4fbe81ae359526e686684f5ef8ef03ce500c64a3a8a79c72b779deff71cf64c0ece7d21737ffc67062ec8114c3de5cafd7e8313bb0d08684c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
99548fa8e1281a155a30dc12029978bb

SHA1
948c77e1f01b2ece428ef0a67a6b381b311f4ff9

SHA256
c9e701af990de433860ee081d413bf3d3a3a5d72375f7e4583a28966f73f0440

SHA512
4db084b437a360df697f306baecf769741fcc7e564a5adbf0d9aa04f37153c6f71f9c5c542f75985925dba4cf29d2ec0277950df3bde8ad714916f099b72c588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
78a5b6057539a1c63a5949bf13268f43

SHA1
3c4817fac74d7cb0aa765750e5f7922655f185c9

SHA256
22049ef1908352ee06f30cdc2a0905c2aaa627d0385f0831057094eb0a684ebe

SHA512
2efa476ee0e2e1e72704a7d0127323d6414943e89d327a1c1a93b3eb74e8badbd59f302292379d8828f0c024ca8b1298d723dfed881514a801f12d4b43cfbc51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
83b9fc5245bb7e0f9aeb4298b743bb14

SHA1
db952a10187696dd939a1cd8498ec91aef6a0e68

SHA256
b62bbefeaa1249b94c5f0510760091be249e965df61b2abfaa568a8f8c54521c

SHA512
07030a24e0db5717cfede7cc62a69e91989bde2c159896a69d501f4312ec54c7e2550a4ed540337094e0afd034a43250deb674d87aacda79ac43937315ccb9f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
280ff7f3f776bb4c87be09f04a08ba7e

SHA1
5593434895e103929536a04af1ef5cc523979af6

SHA256
6a250ae674b2d743bf2742ad91ed820e9e9e64bb2d44dadc967bf942f3c980b0

SHA512
881fa3b38d193df1970751f2409c761b151429ad1bb39cad1a08071f6a5d96213205749c207a3c4fe3a84dc005909c91d4405cbc1288a25b8a71cb969a528e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ab58ef82052be234367a684f7026ad9

SHA1
c09916fc1e9f4c83b1cf1fe2521615703d24431e

SHA256
e28d1afb37c2703eb9156f8e26e64a904e656c6133ff0bae8e7d0b62b4098926

SHA512
97607f538dbf397a5985bb143cf48f4ad4a1164c9e7529d602ed21a8c84dca8f95592792cdd974165374f98b205a6ad58b574c808972c208df36d5ef9919e954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
a28dd0c2cdf872d42730aa3bbe8b21dc

SHA1
c1b08a22baf2881fb19d220d2759bded97f7c086

SHA256
b11de232b8d7dc36cc34db5fe44d173a58167171da23ad4495e2aed0f00b3cd6

SHA512
7901b0648e5192e26ac0435eb3bf834096cb40a630b3f51831f4e75d323b15a5b8ced24d920a7bb14e5b2a9db4c2cc964ebbd884813c2273f74785572fcfdeaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598af0.TMP

Filesize
204B

MD5
ca3a1543f71bdcadb5e1fa052162ec6b

SHA1
9a4caf0dd60aa24f4d0ccf04fe0b08cbcf3d3b15

SHA256
79e722a94691494679371570ac43d936773dcca6bc9183b8c720a466a1c0b9bf

SHA512
801e3aa61bb1ce8df60413b9e3432abe95d134199ab20bd51bb7c9441d71b1ddcfa2285340cb7348d1c6129de2bb53ca4f5c75fde1bd6bcd6719b26a1c6329e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f23067c4a4367713094d72b1e299da3a

SHA1
fbca29472e27579876764a3fdb70c904ff1acb91

SHA256
9c50b6eb413923d577d799570667dd9376f62214844ec30b7a0afdf655ac516e

SHA512
1b6752fe4f4f9c7117cee51a0bf65f4f11b8f821abb2e0c52140416c14b207233a5c33ffc81c043c03fb08d135258f5da62c4a68635063e6543be9cf9f99d917

Download Submit