e4fb1e4e16775fa7e3c24ee3794a4ddb020631c8406e999009368deb357d6752

Analysis

max time kernel
0s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 13:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9840c1ce878612d61c17b757b0d3b568_JaffaCakes118.html
Size

214KB
MD5

9840c1ce878612d61c17b757b0d3b568
SHA1

9b231ec65d0a128d7e4b641a49b7ab2cb83c1599
SHA256

e4fb1e4e16775fa7e3c24ee3794a4ddb020631c8406e999009368deb357d6752
SHA512

938806b1891e8383ce8228b0781208717c57b0f1fb0b0624fbddd23e470534ae2314eab601dcacf971ce4df1f2f0c1c53195de6e670438e49e201063414f0cc4
SSDEEP

3072:7rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJV:Pz9VxLY7iAVLTBQJlV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 3780	3956	msedge.exe	82
PID 3956 wrote to memory of 3780	3956	msedge.exe	82
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 3044	3956	msedge.exe	85
PID 3956 wrote to memory of 4660	3956	msedge.exe	86
PID 3956 wrote to memory of 4660	3956	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9840c1ce878612d61c17b757b0d3b568_JaffaCakes118.html
1⤵
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7e4646f8,0x7ffe7e464708,0x7ffe7e464718
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4685710754838544199,14564781796107453018,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4685710754838544199,14564781796107453018,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4685710754838544199,14564781796107453018,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4685710754838544199,14564781796107453018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4685710754838544199,14564781796107453018,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4685710754838544199,14564781796107453018,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2784 /prefetch:2
  2⤵
  PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
47df7b6d9740ce08f41e9a77298dd28d

SHA1
d7fd3fa6f1e083cd3663496ad096c016eeecd433

SHA256
65d35e0e65293ea564f558c87d7f484f7b119d746f86345702438da522b213ab

SHA512
ad6d68e1eef53eaac2d0c1d2387bc9da47bc6e7e0b675a9b9e60ff5a745b35b013899f435c127a6595c58d8b7fea5b754d77bcf2aa584f70c983b303e5876878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ba2492023cc2f73e20455c2cc0cdc5d

SHA1
4d4a90136531bd779e70eaa5c59f1f98fcf5be6f

SHA256
8e3095c7de3241375c2569f00f415c399d7c8b60a4dfb7530e05e56e13f6ae6a

SHA512
5e3dfc4a898095b1f59abbadd2510bba1f82feeb475a192bde24b44ae204ba1e905d16b98deffeab26465d98e40ea5b2126467e1486f79dce47f08083ac7cf27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4357610ce2a6703faa15e4b41b50b2d4

SHA1
2e90332c61bec5be9740569ce4c79bea34a21c00

SHA256
f3cf1d173bba6e1472a30d8a94e34a2bcc88bddb53ca9284d42e1236c4229ba6

SHA512
d82f01f0a487b4aa79c313860c130da431bdb3e3b7804a41e37125199691d07693a0ce4780698bd40a020c275c81aa1c04358216ecb076ae834bca145d46f056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
89764caa754587c5f738eceb54a4e0e7

SHA1
d5ff6809ebb45ddebf87fe2a30e4fb4b2b623b8d

SHA256
3ccfd1c8da14732a4baee6563b4f81d936aaa42de2409e15f579e7d51d143132

SHA512
e19b1bccd09f2ab71566efd04ff152397967c65687d58fc5ea10b8df85e30cc9ae3268ab1e343e96d928a62b734048ca301e37d77534f869f6b1f54be71a198d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads