dcfcff2a9127c989aab5caa8ce5f63d00d35caccc4aeecf6280dfe7564af093e

Analysis

max time kernel
0s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240729-en
resource tags

arch:x64arch:x86image:win10v2004-20240729-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0049fe3da22469b2afa6805541a4435b_JaffaCakes118.html
Size

201KB
MD5

0049fe3da22469b2afa6805541a4435b
SHA1

9f93d6a46237921e9290bdc1c11521714c3be2e2
SHA256

dcfcff2a9127c989aab5caa8ce5f63d00d35caccc4aeecf6280dfe7564af093e
SHA512

085a0a8711e917662053c2f5e57253efacb49b9f89695c48718c5c413869b409ae49d901be0485e841bca9ac9273688508a3a68185d396d2f1ef61cda321d5e9
SSDEEP

6144:S2OtUbRTC684WqSx1xCRe1rLzeWvJQiUDq0n4/mRmOmLmyBiW2nRYdR7hTBNqZsa:x/R+D4WqSx1xCRWnzeWvJQiUDq0n4/m9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 4444	4588	msedge.exe	82
PID 4588 wrote to memory of 4444	4588	msedge.exe	82
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4684	4588	msedge.exe	87
PID 4588 wrote to memory of 4032	4588	msedge.exe	88
PID 4588 wrote to memory of 4032	4588	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0049fe3da22469b2afa6805541a4435b_JaffaCakes118.html
1⤵
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa95ea46f8,0x7ffa95ea4708,0x7ffa95ea4718
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10414982652487503586,12967092340740214284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
  2⤵
  PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8004d5759305b326cebfa4d67dee5f25

SHA1
36b9a94959977f79dd0a14380ba0516d09f8fcaa

SHA256
21f35e2ac53a817389d7027e99018450993fc66e37f916e454bff9eed95562d7

SHA512
7afba827395c1a5438091bd2762a097f6ea098fcbf3db99f90f9bc442afee7a7841a6e0e83f9cbf017cda0e52d35da93f8efd60cec73638baea5eaf1c85b7089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
368c244e384ff4d49f8c2e7b8bea96d2

SHA1
69ce5a9daeaf1e26bba509f9569dc68b9a455c51

SHA256
6f8cb8fe96a0e80be05e02f0f504e40d20e7f5db23fd0edee0e56bcffa1059a3

SHA512
ac460f1b35bcdefa89104e26379fc5639499607be6559353665a73ee8dd41822699d767532d48cffc67c755b75042294c29e93062d4eab22ca6bcbe054108a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd63a65372574cb2c6876c396610eb96

SHA1
d288a9100024adda252bce7a250508a1948a0296

SHA256
861b90ac28e4a391a6ed2417efdd886846fbf4ab1af5ba28c422847aa40d15a7

SHA512
ce35574fe2802d44c000406619f7a8b0401135c8b89e2dcc6d866467d171cc73fb9c9217f76a076bdd60199ab953955821512124bacd7408a5a96f84f1418161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4857fe1a43b59569d632d2c7086c2383

SHA1
ef055fdd3201c78c6744c3026463e9581ae497e6

SHA256
cb11d8868df7d9d172f600b2fd3a940d7d5bf3becec562d3774c2e71b6457ad5

SHA512
0a89e8a895b446e5c43ef5f0a0598e3d9fdd2d5ed2c7a51ad239a022b34ff07198b96d80ae5ba3cff08935fd088f34a0f57a4213dbfd6cfa0853666961466c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b24bac3c-3a58-4bb8-bc76-22fa5c160042.tmp

Filesize
11KB

MD5
d4de5b456de6b480fa91f980057b31c2

SHA1
4330538068222be725881448a6c33695aea94a08

SHA256
e2dd03b5e529c2d5f1a3cadf6061c3bc3d87dcbf4fd8f865a12b6776fc8afb12

SHA512
c9a66afd3f1ac2fd83b6d7f33add45f9f58c047cd53c4c06941e9ff0d8286efe893d6b2f4cb354ec0035a31b14bae546baaf49fc7c0ebecb15571eeaca7371f2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads