33a3898bde3d6d3ea156b2698fdc4ddb44a55bc6e5f72f98e55ec3898dc752cc

Analysis

max time kernel
0s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99c9eca6183cce15caf642c69896d801_JaffaCakes118.html
Size

19KB
MD5

99c9eca6183cce15caf642c69896d801
SHA1

ad379ccf928c12012f34f7183be67010d49dcaa5
SHA256

33a3898bde3d6d3ea156b2698fdc4ddb44a55bc6e5f72f98e55ec3898dc752cc
SHA512

ceddd939a3146972c9929cf81c94081773036fe812a5ef58f1f2cbf353596ff5694260be269a82ebc54d62e16008837baa63c7e9c423e6530593695d85f51d92
SSDEEP

384:ziCKhgESOVBD8cSQ3RcZnemLEXucfIk9xhe8zVc95p:ziPSOgc13KcmFOIk9e6q5p

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 4924	516	msedge.exe	83
PID 516 wrote to memory of 4924	516	msedge.exe	83
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 1444	516	msedge.exe	84
PID 516 wrote to memory of 768	516	msedge.exe	85
PID 516 wrote to memory of 768	516	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\99c9eca6183cce15caf642c69896d801_JaffaCakes118.html
1⤵
- Suspicious use of WriteProcessMemory
PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e77046f8,0x7ff8e7704708,0x7ff8e7704718
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14925085007298125627,4764477187442703197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3156 /prefetch:2
  2⤵
  PID:5532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1a81501a40b15a9a4d610b68e862a68a

SHA1
77bc3306315e9d603abf928165ce03eea1689741

SHA256
e4893b59fd8ded9736422eacd9c6fb4d7f63796d3a9e3373ef98fc639d879c50

SHA512
e12d91341df3b7d9075d78d8024a8d34d317a1b616c305466a51b68952c6e03f56e33528e06b24062bb949e00cbb6074c01928128dc5fe9b7e74971d03912819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
410B

MD5
618419b04d70060dc9394fdad0f4f59e

SHA1
f3edcaafd73e175b56362ef6036aef2ddbf060f8

SHA256
cc16ae664e375fc651448f366db56a39ec648455adfae7c937383002625adc1d

SHA512
352cbd2a25da101857bb4fdcc5885e69afbdb753682001286c7642ca44d3374a412f95213eb1107ec374872df06eeef2a5f5567cb614a206223baad005ef7731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
750d65f2c3d6cbf0b8705056d4d3b11b

SHA1
264c895f0ead38e9cecdc3317b0d58d26942398c

SHA256
a09fcd0aa3e94324155140366fdba99159a125d3e032969dc5a5d0d93371a18a

SHA512
9d2f3ab45faa9e38784994d1a082b24c3ce3bb8e941846f7a246c765a21772af0281705320950340b0a08b3be317160d1bec285729b4d5b7287ea454e441a8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bcd2cf7273863270c288ad613f3a01e

SHA1
f786d3ae83dd19c9be2e968a4de3ff7a3d68d30e

SHA256
502b56c82caafbff941fae32768610a30ec8620d38666d82c1b4cf4e40df8483

SHA512
7775bc5b3cc5f779dc0d5ec6d7bbfa76287a2ecf2c87b1308b399e9386fa05c49664179d42089357856c9030d42b3f4d788b2b02bc92afcf4e12c9fdb262e4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a46ecd2efc75e859fedae3fb519e844

SHA1
b466b75133fc7c53097faf6353d0ab0b9500f36e

SHA256
78c24e0d4c178adfdf3caa8e6ccf1ca398b1f44c4443a6bfa272f4a5489d5f0e

SHA512
d7b94c1b0c8c0a899ebe82192d7cf2acefcbf76b7aef7d30b92c367fd3509a799a7556481288cd3f55afd8b8cecd02ec3ee7593aa36b7ea3711c9e148dda9ab5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads