hxxps://extantjump[.]live/fafed0390d4aea373ad774b1c9d8111b

Analysis

max time kernel
2s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://extantjump.live/fafed0390d4aea373ad774b1c9d8111b

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 1904	2556	msedge.exe	16
PID 2556 wrote to memory of 1904	2556	msedge.exe	16
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 3144	2556	msedge.exe	29
PID 2556 wrote to memory of 1332	2556	msedge.exe	28
PID 2556 wrote to memory of 1332	2556	msedge.exe	28
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26
PID 2556 wrote to memory of 1428	2556	msedge.exe	26

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://extantjump.live/fafed0390d4aea373ad774b1c9d8111b
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fff340a46f8,0x7fff340a4708,0x7fff340a4718
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,554644177925156668,9541244988470448198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 /prefetch:2
  2⤵
  PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
473B

MD5
e8561f89d46e5d857128695b819dd9ec

SHA1
a6d8be30b01d825126752405b72b8ed31671bd32

SHA256
5c3143a5faa21d0de2bb59ce9a8ee085162f4519e8e238af73f362823df1f1c1

SHA512
fa0e3f6f7889d432dbffcdebe32d685f6142b815a13d9a1aa5b776d6131a08a19bdbd6e18685ea9b7ca780d2482a285b8aa0f5d44e04374667b1cb44385fb24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c63409f56ad47f38368e24de8bdbcea

SHA1
ec3102a93a8d233e001a25d4ef3368593aab23bc

SHA256
9d024e429a74001c7921856f266ffd42b4f2178e9820c419aa21a9e84c251764

SHA512
0f052420a7e5a0eb89a8c4098783620961f541dfbd2512b626750effb96739080d6fbf64c8bc8a2c6a4f188c2b5073c9a90c1232f86c9ebf7c1fddbb015b60ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9977529639b9d3621e05ddcbb69af02

SHA1
6d72cb7fc87c79161d9087a004d71d7f7cf56142

SHA256
6b8672241ae1b193a234d84b2e23da4fac0a1c3a1124340772cdfba26c85f1c0

SHA512
4883099e986206b3869556c612f9012351c071cc276ae5e554e1890eca761a36d94a825c4018ae7c1a6a4b330ed4d1e48420e9e9787fdb3348cb23ce9d24f8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a6acb420f3d096884b9d1a2ac6bcbaae

SHA1
347ff98888bb2a5309e4a20ffe4e4d5690b6643c

SHA256
42e71fcb6d6ac3510e57b50595f474b4d6cd7d8ea3e627031c5bedf82c91fa32

SHA512
34be264d9d2ab1964e17e261c5ddee06b33b517256f81c9e55f884efe379932407a7119ad17f5f4fec1f7e8237b607c26f7b0ae33319f261420b41a21c0cc3ef

Download Submit