2c0141d3d510801ff6c37c0fb97307a6bcf0ef31bc9ee640779046f3aa613f8a

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49ba81c075369ed2320dc269864952d1_JaffaCakes118.html
Size

24KB
MD5

49ba81c075369ed2320dc269864952d1
SHA1

4f1403b9a67f13f07eb13f6e91d197492b51b886
SHA256

2c0141d3d510801ff6c37c0fb97307a6bcf0ef31bc9ee640779046f3aa613f8a
SHA512

1c61008c603e4fe22300ba26b73929baf53ba980018be97aa610ce194605a66f926279ef734e5e2253e159f9693ef8e4d561d7729bd64c78c0206d9393d1252a
SSDEEP

768:tbUDC7wFUeBq7f7K8fpM9LqqhXkPRU5Iv2Oag4w:ZWURf7xYbh0PR6nOag4w

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

73 http://btc2016.atw.hu/index.php?welcome

flow	ioc
73	http://btc2016.atw.hu/index.php?welcome

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
856	msedge.exe
856	msedge.exe
1816	msedge.exe
1816	msedge.exe
1464	identity_helper.exe
1464	identity_helper.exe
5660	msedge.exe
5660	msedge.exe
5660	msedge.exe
5660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

msedge.exe

pid	process
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1816 wrote to memory of 3104	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 3104	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 4516	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 856	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 856	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe
PID 1816 wrote to memory of 5112	1816	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\49ba81c075369ed2320dc269864952d1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0e46f8,0x7ffa5c0e4708,0x7ffa5c0e4718
2⤵
PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
2⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:1752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
2⤵
PID:1076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
2⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
2⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
2⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
2⤵
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
2⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
2⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
2⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
2⤵
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9380 /prefetch:1
2⤵
PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
2⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
2⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
2⤵
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1
2⤵
PID:3944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
2⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9116 /prefetch:8
2⤵
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9116 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
2⤵
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,16598955595146424233,24660288340229202,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9788 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:656

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
ddfa64ae41254b6c473d4b8a4aae22b5

SHA1
a235bad735f1011c0433b62e74c9b67e381a615f

SHA256
b6139c1711591f83cda7c16f5bf441e9d237036f3aea2708b05b05e6bf529c1c

SHA512
e621a3c5bb2499d24d541d8edff6dddcb3c5b3dffce983a2808a648db1518fb001d55cf53c5c1eaabb803c650b7938628b4d7d058004e604324a6b891659ed37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
b877172c061e1916f903f3488a27da51

SHA1
9a99fc0b56c15f8b1f3db2a7cce0135d6e39a8d3

SHA256
34a8d92c067da9ee9d258beddea7da2038f33b3ca1d64b59387dfe798472b0d2

SHA512
33ec5f00c559e0b60cca70768e1f40945d8a0c3cc8cd873cbd295bd3172a2dfa0ccf27c7df85310b810404437d2075bec72084bfdf4de326e63badd1ab6c43fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
4cd8dcb524dfefdba5879f4c7ecd9e27

SHA1
526dbde4a950d8417205ae9369c868d84e617990

SHA256
611c11ae52c80d027fb77e33b83d8d4c4a0d4882cd56ef3028b1904d68698e1e

SHA512
4eafec48390e35463637db7afd7bf5c1bb32f51ea317eea15faa9aa3fe5f73b08b98ad8115c6ab1db45e809bcc83f3af8e9083e07dbba8f7cc11d2c2a0399db8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
252B

MD5
a54fea4daa3e8cd6f180661eb609a61e

SHA1
2d919708e4e6b3132c396d83e0786d0224791a08

SHA256
9f5818c70a672a6dc0ec0a004e9af6770d14758926820bca16916ba7342293a3

SHA512
13d9928c6c785aa9f767aaf3805bbc4817bfa896ff57b0023e37ad1599b4597d2822a7e74b0154b534a44c04a4689a47eaddc03d633170cd12cca7033da31434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
19KB

MD5
fab6067f1d6f62066f48ce21cb0e783c

SHA1
d3122e09b6373b9e61dd81449b4061e4f13d1fc2

SHA256
6e092b4934454cb79790becd24714627413ffd111268f7bc7b665523b0c54654

SHA512
5c7b7e98b4f756d5c4ccc43492d81298c7269e3d14f64973e294bb695637564043f0d46d8a3aaba6e6335e066cfc0d2d930cfb2ff2c906afca5574eb56d7c422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
Filesize
19KB

MD5
fd7b364eb1ee091ba7b6be6f443d9383

SHA1
5a56ee272aea7bbb2da8fbe225ad57916ae3fdcd

SHA256
4d2e29c047e2ae40ad1cc38c6f28044f7c5a30fd81d743ee55fa8a254817f217

SHA512
e9f29da4ad3ad5fe5a75a1b68ef88052be88ea2af6d6718963ece06e67cc9ddc6545a89c83c7178e8d9a80650fab4266e3d460ecc631a42d9bd64db600bce6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
Filesize
199KB

MD5
585ac11a4e8628c13c32de68f89f98d6

SHA1
bcea01f9deb8d6711088cb5c344ebd57997839db

SHA256
d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6

SHA512
76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
53700df99042131bca7d3d42502289ff

SHA1
9069377969e2022fcb536253f9c0ad455d61da4f

SHA256
2beb26ca65e12ff1f9fe964a351d2ff483b4341d0397264b64185a2bf62563d8

SHA512
e5bee1d74d961d085bae51df2aa5a8cb62703d378333958e815fb8eca8aeae2b59fc3da3f978811b826d8f988732727d4fe0de85e583ae3145aa2ad2bcb88c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
eeceab5e116a0b87af6dec382fe56d62

SHA1
a68a1768be9b4e3b53ad7a6a2cfa7b9f961d5d68

SHA256
5f1c58055a8ab4497503726cbaf375b1b1e832fb1738ffaff09603d999ef88d2

SHA512
95a5b0d21bfb528426af26997db808652c8b16b1a015f66508a8bcdbd69f4e819c58ed5f8e5c1b32da2d5dc31391c97bb56bde55ec03e59d4dc093fae0114bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3128d10b4e86130b2d45382f705d4a92

SHA1
1b223aaa295280c1d405d135016adfe4077d417f

SHA256
b4c9797f66eae17b8414434b40c5ff58cb7b1ceabb7e83fd65259350c73aa05c

SHA512
5ec676ac5b7ff887131b511f19f023be8c6772d0b397215501f1411528972a3de635392e7bb9de9370c7bfb9426aa6b0a5d2164906fa52383c57aaea843637ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b4536d3e7ff37bab8abacf91eaa9d5ce

SHA1
8607ae8fc1d1d17b7597cbe4821c5cbf4f180864

SHA256
ede09fb794f734cf8c08a2c4cefec0b2eeb7a230e6405e053f79f7b56c4d9634

SHA512
79a9981a673c05e4644683140ec7453966458811cc9703402e6f2086a246f973aea04f872d616a10ddfa238c908e9438866e433374cd69327861805b2e016a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
446148c00cecbdb16a1a7762f85a8e08

SHA1
182c054f167c04b3390b47f5f516e51bc76cf419

SHA256
d3e6e684dc63a7b458e691cd32a626ec3af5c98d74c4a10bbfac80a1f191dbd9

SHA512
701aac82061833501f95223002e7e0cf60d1538e0d3b168acf9f77e46f281c0c51958d8e6fb502218b005fde78b6fef6c02f5a4c1b043e792d17ad4d4f5ca4d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
0f3c5f50a66dfbc9d7a9d2861cd2cf9a

SHA1
60d85d772bd2866d8bab2f02195d8ed3727fce8f

SHA256
72c2abdfb35d5da318b1b456335d18cdf98726e5151954e71d9a0f28b454dfab

SHA512
82ab476b36254a5d068bdc949967c3fd600a32efe469539bc53de18d95cec5c5c2d0362884d5ff7c3a4ebc401be4ddbc4e2aeb6f4578e53a2f05a7e76fc18a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9ffe8b429a18bf6eeb0dc617a4f99c5f

SHA1
ca2566cdc68805e038fbd8129de79b0e724535d5

SHA256
399b50fd08b22e89e56f33836084efbd2e70c4fa558e509135b7a5c3eb9c6fde

SHA512
6e05d350757c61e475d38701848cce414e614cdbacc124bd70fda08358770f96c4d88f9d7f74f256e245f32e17569ae5f7a19f9cf3c18fc3ce0df1aa7eb50b2f

Download Submit
\??\pipe\LOCAL\crashpad_1816_NOUTLQTYBEMIIVJM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit