f5a0c4384c01d490fbf05678b5d304b7e57affbe3c6de28d57e842be8ca37229

Analysis

max time kernel
1s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 20:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5143b72ba1dd028d00f221b3f1ae6af6_JaffaCakes118.html
Size

175KB
MD5

5143b72ba1dd028d00f221b3f1ae6af6
SHA1

025d105852ae3f66e3cf1a92a909c8e64e65c44c
SHA256

f5a0c4384c01d490fbf05678b5d304b7e57affbe3c6de28d57e842be8ca37229
SHA512

97c0e859bde602dbe39b8ca85f5aa166897c96aae3fdccd5874047307b556d223e7f09d8a97d1c1ae244ce9555d0eb8ebec8ce2b0a875dc7a3d42bb42003c24e
SSDEEP

1536:Sqt58gd8Wu8pI8Cd8hd8dQgbH//WoS3XGNkF/YfBCJiZo+aeTH+WK/Lf1/hpnVSV:SHCT3X/FeBCJi/B

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2876	msedge.exe
2876	msedge.exe

Suspicious use of FindShellTrayWindow 17 IoCs

pid	Process
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe
592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 592 wrote to memory of 216	592	msedge.exe	83
PID 592 wrote to memory of 216	592	msedge.exe	83
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 1072	592	msedge.exe	84
PID 592 wrote to memory of 2876	592	msedge.exe	85
PID 592 wrote to memory of 2876	592	msedge.exe	85
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86
PID 592 wrote to memory of 996	592	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5143b72ba1dd028d00f221b3f1ae6af6_JaffaCakes118.html
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff16cc46f8,0x7fff16cc4708,0x7fff16cc4718
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,3658548371118780230,13115128838129635322,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 /prefetch:2
  2⤵
  PID:5628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
28dcaae646e1eb4d524deebcfb7897f7

SHA1
39f9478823501c39b58bb837e50fd3061bf2643a

SHA256
a12cf91ac83a960c33616f6980da9777ec2adeae0cbc60791e5f8213345f0afb

SHA512
91da244ed69f791af561a9ffcb23c0baadc7d7d14548612d4f9cc9731a12d192a9900346ccf05f380336c53f77ff4246317ff0576a003eeef2c9fe16a9f54692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
27a47eb5ef34fd6272d01a8140add7f3

SHA1
9593eb8a51876527480623984091e162db1ccfe6

SHA256
af3849e177f84f40c8c1f2135c05a2fb7f56152ea88a6f44889fe06fd417a3be

SHA512
2bf95659063d1320a39004af56281dea042c394073a26e9518ce9e1d9e38ddabb9f6c04a5b42cdd35e17a493d871f3a1e35601f4e8b91ea118019b22710cdb58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b10450bec58772e9991614ce18ef5a74

SHA1
ec9262051dbaeea312d1c7fe15678b7909e025e2

SHA256
89e35f23c9fad4ebe6c31a14907389d22667261584b3e381bf317e1e2bae8a5b

SHA512
8d0569208598d33dcac7f64b93915e44159ed313229f74fc85a35fe2e16379f81f662c275b354f985d62b0bfd5fb8317368070d120635d92faa042145ff9f9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a97b85b0737b6a7b4fa9e6db3ca03d30

SHA1
f6f42d68650fe1a532d5b52f5b2de47bb0e6beb3

SHA256
0cc6965297becda73bac1ef143480da1c94188db0747238561033b19e4221d2a

SHA512
c81be3e0a2f9913e47112e8fdd3fac86b93fed13a47e8ad0739b2e681fbdc481534791fb350b769ccd93efab95e12503ba928c98e2f9c675ea6eebc7df64e4d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b8cff6e0694c333581b0a9e95428e56c

SHA1
3ce0951109ec4569508071fa41a1973489804532

SHA256
40ea8082db5063a17cd492959042d0be2cad0f3ef89fd3e062b8573fe82e57f1

SHA512
a95951b27940aa8dfe0824389b06b16a5f69d783f8c2f72e01db8689749b1ebab744b279d69dfe39146c6c264dd6525a7c98dbc1c93a779e5aa2539dbfe6fb50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f3b3cb3c-8c97-4ca8-b048-fe2a53740051.tmp

Filesize
11KB

MD5
5318f0ecef1e6a3175e936fb484f8521

SHA1
0d443d8c367ee7b1c63465b0e240cc9ec00846ce

SHA256
8ed596705a21d457073a0d12705f5d23b3b27d0f4ab744c90a00b2d7726cce10

SHA512
543bd8d605b35177cc65abe474fe61f45c942e6759232f55bcc0ce08620616e79554c52affc716f70c8ea893dfff225c7a482c7942a9ec9edb0d63c662ea1709

Download Submit