31abe1bdc69568e2bf06c94829ded5d726d57c5c6cdb57746ff5f2acc74a2071

Analysis

max time kernel
0s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

514542ba5268621b6562fd0814fed7cb_JaffaCakes118.html
Size

67KB
MD5

514542ba5268621b6562fd0814fed7cb
SHA1

d705d001878f2a48c10e92199d9c4b232bcf84e8
SHA256

31abe1bdc69568e2bf06c94829ded5d726d57c5c6cdb57746ff5f2acc74a2071
SHA512

03653b52d1fb3ead2b59a17344a1178078112304ba8680b100cfcfa3f3e482d074be8142a55495a3a5b8829d077b6ba0a5072b0c3d9464d4010caa7737d0e0d4
SSDEEP

1536:sxan0BvJgFIEGwVvtQL1JAarW3NtY1Wqu4YaBOIcELAE8w/hgi:8Jlf+vSAarwNtoWqu4YaBZhgi

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe

Suspicious use of FindShellTrayWindow 17 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe
2020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 4280	2020	msedge.exe	85
PID 2020 wrote to memory of 4280	2020	msedge.exe	85
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4676	2020	msedge.exe	88
PID 2020 wrote to memory of 4920	2020	msedge.exe	89
PID 2020 wrote to memory of 4920	2020	msedge.exe	89
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90
PID 2020 wrote to memory of 5052	2020	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\514542ba5268621b6562fd0814fed7cb_JaffaCakes118.html
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6d1046f8,0x7ffd6d104708,0x7ffd6d104718
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15702281613441335856,11133434037886313412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15702281613441335856,11133434037886313412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15702281613441335856,11133434037886313412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15702281613441335856,11133434037886313412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15702281613441335856,11133434037886313412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15702281613441335856,11133434037886313412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15702281613441335856,11133434037886313412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15702281613441335856,11133434037886313412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15702281613441335856,11133434037886313412,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3108 /prefetch:2
  2⤵
  PID:380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
dd6876f86bafd8436e3500ddf23b80eb

SHA1
9e64747da9a53f60a0acac87b5ba2110227b668b

SHA256
43356118f94e6a9b172ed54d6b891ed7f1545fdb69e7b7aeceafe67cd3bac8dd

SHA512
f8b96483c9ace4c78fcde67689b2a50fdebfa3e81804356f9e4f4647ba948ffe1c1e1540b5beeb0eb9423c6434fd675adcabcb24bafcd5bd9c87bb94a5571954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3cda0b99a9850bb5637ef2d16cbfe225

SHA1
9c06da93ef02563ce7d54536ad43a63df07f6270

SHA256
80ffa260f24e5b9ebfa8baa52290e2a6db7f22a56fa9de5cfef8c301eea79641

SHA512
9790acde6b3b3ade137616113d5036469d9dc737eaf0e1b621f41dce4302a8272705ae10850c226d1c61f089a4013a5250bea7df430820a11df82b88d6be86db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1505b16a443440c41e5727fc30c9d1d4

SHA1
a7235a01c6b88f705aecb4f54f63a3b3db97d9a3

SHA256
0a34a6a53c408f33c06916cbe69b8835598a188659853afc1efb77ee37c88484

SHA512
04bb9c207a51897484fc4e8dde415a48f8d872bc29ce09000227e0057589a11b88f8c698d01e18b51e577f0e6f241284d7f6b7066a9504e995be021d32311188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03e844a9c44ba831e7321fecc657e09f

SHA1
3d61653fcb9ed0236047e97f4db3aa2aa8e7de0c

SHA256
29c8e92abd2b52f6835eb8abcd2630a0fe07bd78744422936c361303946774c7

SHA512
5016432507843e4f145eb09fbdb3f889ab17892c5182f83e8943f4d8e4d95c7d9ee85225e131cb8550a31c4354e7ca4baef9bc1398d5f38e5ec3ddc5b50daaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
dfd643c5f8083fe0e50a78cda9c1e6b4

SHA1
5700b49f375cb3ac9f6b988ec08d398cb20e2f2b

SHA256
84cd473953c1d08d86902fbaf4ab4804d5d9233d6f2cf1e346f7544ecc69ca61

SHA512
8bd7f0fd35ec1eb170707af0dbc679a29d00e549e231e321d112ad7c484ae8a259758e0f24cdceb421186e11205c2dc185dbc0d7ffce500f6e4b9ae8637b0598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6919365e000d6afed6fc46b712ec5af

SHA1
3b7fd50700e31b85757e695a8280934bab39ac0a

SHA256
d0c47ffbf65df5ecd762819aca2ef0542ff33769eff6269bf7592963644dca1b

SHA512
ae58fa63af982245a154de86af317594df608914697dccf6ef0e5859323c77542fddc7f0443d4d6b5eb80246e2db1f4d080bb51a55c968755afe9ef89d7ee8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
89224884e821860e9b96180271c49d7b

SHA1
d4de54d8bac3a6d528ff459a31629248fc975f18

SHA256
943c767b5cab34106218126c8ff5cff65cc069de8ad3dd35c471856858568d55

SHA512
64d7d549d82873eeb8e42552685160d3efd0e5d38fa15dd9af88d01313d1cc30e346bc37870b35d91b3949683b800a774af10e4698b025c5137f611cfb2d4ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f211.TMP

Filesize
367B

MD5
d2c2539d6bd0cbb393ba65da648fc23e

SHA1
73f1a6a4dff4c8d039ee3be2a0b3d9b3cf9f4d0b

SHA256
9295978644d051a20f12f59c7b6acbe980e812ee82a72e2cd86dac21ec1add7b

SHA512
54451de6757216cae3333f2ae13749b757025ef072578b5b91ed2e92de071c213db5bad2ed810f8a036ac656c1bc8b7c3f7857fb4ce7b1b50754e6a6fafa8db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac65a7578ac31897979c5d1049a07e3d

SHA1
3dadeec526692cbabcdaeba1234c586c76dca26d

SHA256
edcebd93579c77decac242503d34586255c4005bad835613f2e83de1a0ed4cb9

SHA512
ec3366ed149b6ee4326a3ce5ad96d6ac45e7c1003b192fbedb90540cf71cb592a723abe48c303d8e9ce1fab2b2fc81c1840c520e791ed24b8f256893c9656812

Download Submit