2f216d6f66da0fdddacad801bb2f9b0323b7f33cabb461c44bafc10e4544cf06

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1132172a4aad48246bc27b783f910c87_JaffaCakes118.html
Size

135KB
MD5

1132172a4aad48246bc27b783f910c87
SHA1

bd0d7b820fef7f1a871e90ca5c84e98418164873
SHA256

2f216d6f66da0fdddacad801bb2f9b0323b7f33cabb461c44bafc10e4544cf06
SHA512

048c9c352de50f9b1fd2227e94b813d447e66d278c06e30bdbe6fed21a0c8dc47b5a95c76721d95d6cb150648ac4fc21093521b958a9ad0ee667fa4f49be5399
SSDEEP

1536:nEFwEzFTUfnBQ7qXuhOPMKKj0OgPDPmeNL1iDiuO48n6yt5gK1:E/dUi7qXtPMKKj0OcKu1WGx6yt5gG

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
11	sites.google.com
15	sites.google.com
16	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
4448	msedge.exe
4448	msedge.exe
5648	identity_helper.exe
5648	identity_helper.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 1852	4448	msedge.exe	84
PID 4448 wrote to memory of 1852	4448	msedge.exe	84
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 760	4448	msedge.exe	85
PID 4448 wrote to memory of 2984	4448	msedge.exe	86
PID 4448 wrote to memory of 2984	4448	msedge.exe	86
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87
PID 4448 wrote to memory of 1708	4448	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1132172a4aad48246bc27b783f910c87_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb40d46f8,0x7ffcb40d4708,0x7ffcb40d4718
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4197504979245318429,11478016694770542177,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5c59b9a82a5e22bf5032da3ef818adc5

SHA1
72c1742615fa7b34ec4ddb80447f93eafb0b6982

SHA256
60cccc8ed206be8c72bb14f185cefd1c43b2daedd13dec5879a8932c6dcb2448

SHA512
40f862ed7f962de383590a0d4d0fc6e0da168dd9f4fa2bef0543552cd41ec617742d7bbe3f8dfe4070e885dd35dd1ac5b5bc303ddf5a5a94b5dd198974fec61f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
829f837310e248a79ad5a7e45d1708d0

SHA1
a845d4e3dd204d862692eeb7fb3f447e8075478e

SHA256
0c486df9f5bdc1f17690606363b3ba1b544a48f634036682454ff8b3516f92a0

SHA512
1377e4f86b27f049160cf371751f34a4d784772c21e081d71ad1ddd4eb42e81792299b21abca5d86d649a9ef82f50ff5dd37d696c2a199c0045bb973a45f8571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
36cd4b025f19c56cb4a04f6ca9c701c7

SHA1
081da67d1ff76ea14bb442f3cf3f709ced70dbaf

SHA256
22eeb9496d83c8ee86f10b6562ab7ed718f432115fa10fc54fe4663ffe88200a

SHA512
332525f5b6a3aa87e0ea2efb176b26b43a16353a4631f139ea51460c5205599c5263942845b98e38e5eb133c77c1415d8846b3c6404ae45bdb6e2fee31755a3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
4d0e3352d9a001976ccc0875dca3fbc2

SHA1
5ef9b0477e68dd289fb0aa454db03da41d1f7f7a

SHA256
4e95486d7a910b3d07f8652a2672222e19cac43db61dfd5d6488798c8627aaf2

SHA512
7ca467fbec48da6dd6a0d786899beaf7d777ce9d98d50d14d17fc4f189a55f9128e7bfbdc7d823944139b71c34cc4d4100e2708bc773ec79fe6e39211d4e28d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8f321219978387c02f0e64625a49779c

SHA1
6394bbe6a0bf07491d4011b07c81b07c33ca3b7e

SHA256
bc8c68dc0480969cd8f81c1fabf2d71379130240c00b661529b20c2f92eb45f4

SHA512
fec25a4486b7e577b3c0fc2021f11651bfe768b6f274249df996fac006697b3d7fafd513754f1741c63e31201e40ac06277f929e7d4b78fc8ecf6a29e41210ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2c13212bc3c837177c8d780ab76a7a51

SHA1
b1368c373eccc24f48f51bb5e9345b9a330636ff

SHA256
daa01028c2d80b94748b1c14330d03da87296f16620a646821bc13438e31dbba

SHA512
edcf5cdd001b9b6d76fa802ef772ed731cf58160abf63cae7fdfe0c27c25c04aee380c7f61cf7e78c758924fd8bc4a1fbf67b9bd8b182f03c0c9a8958d492118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4b4d2b6cc6648e054623891e3c0d480c

SHA1
8388a17e0355cee1fa730b1e5e058c39f55a2c60

SHA256
19b94fdd073ead4580883c0bf8208ae1d7c9e983d70cc0ce0c1c5389ed0cc054

SHA512
85a4297ad3a02d5c7ea18b0f2fdaf343e39db460566c5aaa510d4159b82cdbe75d59e81c819d60984f7f82fa1ed43bd16855d06bce6f260a699b15aaba726b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8a6a3095597d021d0843364936a9e235

SHA1
c1b64dfd1088fb894f7e0be1cbb3991336c71631

SHA256
ca611c76ec0ac7dc82114d98a0ebc52d702196da17840bdf436ed059067b42d9

SHA512
25d3da9205b6277973d495ee36360b6ef08b708b96b1de7313f4d3b694e1f8f03127c8b5bb12e2e6af3aac3063cc4eab126bb9a165f3d5ae9f584ba2425cb5c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
272ae86037cb14dc639544927df7b5d4

SHA1
d54c4fe073aa6cdd3afe73584c05ec3077c6814c

SHA256
b50de97db4534b5dcd5dbe0e8a1101fb78d9419f031879ab270a44608b4e08c2

SHA512
2bc83aa1cfabc8676e5a111368765caf01d424d0fe9c7afb0dbeea16fc8182ccd08fea70ff8fcb5908ea3d999c38096bd2ec98be911c3f918b13455b8e12e32c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
377f11533d9b2a56f5a2275fac505a67

SHA1
4c0fabff4c014ac4135961cd8c9db28731bcf198

SHA256
ea6a761aed6c591fbef99b56ab9be84315822a8fa8c22ed1913ffc4b698e68ec

SHA512
1f4e59964b405a2034245e2b7c439c04377eba747ddda2a8b8ce560f84f97509d39c665fcf8c234ada808880167a2fd15642c67c7d5bb5bf79f65511cb493185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b304.TMP

Filesize
873B

MD5
fed9ac9c8ef4ced40e0676e1062c1381

SHA1
391868788613217cf3c182ae71022456188ac1b7

SHA256
db484dbdeb04619f2979a749ad40f0348ebd65a50cef64281724522f707ed464

SHA512
35a2e835462c63b2fb75fcd17a5a56513be1604783f618e1f94142147de6a3954bf3dc93acaedec485e79b0aa03cebae879956c4b7ae7a1cae56fdc7b7be9aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89352c9d1723a7e663379aaf1fd83a62

SHA1
0ca235ee33cc0409927a5d89765c2ef54a90188a

SHA256
e1859976d171784d658483346514035497337fe2228b0e37ba628f1513534caa

SHA512
f3094855052fbb6c7918936d51a8d5de3ff13775fb4945465e40d73440cedcdea47901d1169fdf097d89c51be3f4453db7f5537c6fe665cd2d67abfa281c3ebf

Download Submit