5ad5fe4255faaf4c4881cf00a6c980cf343c6c74792a2158f2e495eb1c5a3a28

Analysis

max time kernel
0s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99e62ce744f78cec09e23d2abed1dca3_JaffaCakes118.html
Size

101KB
MD5

99e62ce744f78cec09e23d2abed1dca3
SHA1

d56e12c1895c1fbb5432ff45ffaff0ca2876be08
SHA256

5ad5fe4255faaf4c4881cf00a6c980cf343c6c74792a2158f2e495eb1c5a3a28
SHA512

906993e14032d9af939f0e2fc27a1ade8214cbcf5149f0a5e89e74bfc437464479e416f522bc3b68ec82c131298839a4efc89cc6f1756cebdba68d9fa1b30706
SSDEEP

1536:r+HzrHoEBIVtgmlW1sTHdD0bUwHmE4U+ptfV:r+n2t3WwHdD0bUwHmE4U+ptfV

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 4544	2088	msedge.exe	84
PID 2088 wrote to memory of 4544	2088	msedge.exe	84
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4656	2088	msedge.exe	87
PID 2088 wrote to memory of 4432	2088	msedge.exe	88
PID 2088 wrote to memory of 4432	2088	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\99e62ce744f78cec09e23d2abed1dca3_JaffaCakes118.html
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5b1c46f8,0x7ffc5b1c4708,0x7ffc5b1c4718
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,5137778110956283779,7717441996103175360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
44KB

MD5
23536ccfe05b737ae639fe63ee4cc435

SHA1
6d2e9822835dc3e6117a4d2addfc8f241fbdbc82

SHA256
6ae9edfc411ede03661a3d910fafddab3d6b313d1f4668dc8c5a84c5ab23a3ce

SHA512
f416e36b2322bbebd211fd1ea69c88883f00c7b00f14474a5fcce4a408840c0d1b0304eb8941509a38157d0583485f638959eb7d5b9ae668aa88c1d3eee8dd0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1d63e982dfd831d9c499c9e572af833b

SHA1
ea3a09660d2404d340b6a2b5036f80ce4c577291

SHA256
1c3b49c0d0ff0e3776e4e7993df42c5c2214e79290fe9ee587dd0ad11151c607

SHA512
952af7e4256e62b923156d777c8e93eb7755e854c5c8be8ef80ffdd3d11dc3f7e5bda5fd900989bb3a1194c642ed0c4c27fced50d80d26e0c1f23c172ac3f327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1aa2c0cc13a1de7a7c7080bb2bb57f7e

SHA1
f79847706eba40fb6c7d8bcc67c67f300a6d8fa4

SHA256
d78d4f45f1356729ce223b3e99d13fd1bd16a6f2fdfc48c8f793c316ac755423

SHA512
26b92f3462a7cf4b081989924e0d7e55110c07b610e187a2b1bff036d57dc584ef9cc278d016c9bac35b63c0512087371b2c1e8b998e8629d44501a15412b605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
589aee0996fad0616e9aacdc3bb86ca0

SHA1
4427142a4fec0c50d140d68e0c93c31a5ccface6

SHA256
7c5a862364f1c8a081d2c83e71157d620491bfc685376cafb265a84d4cdafaee

SHA512
a2882643c5788cc39bfbb3da1cf060ab07ee8fb9f47dd4aa54aa4a298ea6fc1b6833dbfdfe6367354d349b38d0d79063081c7c2806007e12a4b60138eb97177a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7978c00f6adbc7cd9ad9fe2490ffa089

SHA1
a02adb80a727583eab24935482e30d78c5d3c2ff

SHA256
2f24af5e1f5043d628ef890178fca7863cadfe3e3635d45f481c2e7098ae6fc7

SHA512
81c2f6c88a41bd91e1d9ed5f41801887701328386375c21f286d72e7246d58d3447ff4df25a607d9bcd3e03622529c7c0e70f7b54bb2680799fc7e89ff4887af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5307b4c124325979a468ebd0cbe5caf

SHA1
fe2ca9754310f3397dce57ee1a5f3bcdf8bc863a

SHA256
c8c23ea7262b7ae71eea174807e747af2867aad56d7c04bf2b805c4fef353e61

SHA512
d567ae33b224dcdaa72054dc38fe200b488e606a266a22967a4303a010559786f5ececb38e8e43468d5043ba963fa3377d3d200476693efa47c9e4c2b1b2bd9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25531a564064410fe628cac79191ea00

SHA1
b76bfb8dc0d8e98f04b5da4518faf0f4904c9304

SHA256
47210b39f5d51ae23e8ac4603303d9336afd6bb49ce59670113a6d2cca0d7784

SHA512
cb3d1f6a23c2f2ce95641d67ad004255b5fde6da9497746d921c027fc3f63f5a08d7646c28a068771b4234a06b7b9d590bab0808ce752d21a7e1c93671d4242d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads