030c4681ad4a22c6d0e98958f0ee73a6b4a74d5c7e3a12ca431227523be660ec

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68946598c64968b6a12daf1ab00c6d1e_JaffaCakes118.html
Size

29KB
MD5

68946598c64968b6a12daf1ab00c6d1e
SHA1

b7d09582113e17353fbca09f70acb36e61ba5570
SHA256

030c4681ad4a22c6d0e98958f0ee73a6b4a74d5c7e3a12ca431227523be660ec
SHA512

bb2e93686bc54f627f84b73b60dbde92c69cbf196abcd25ae3f7b6c48e373f3e8c0a1f6afc6961d9658a308f6718d1bbf00978883d7921299aa62b53f49d3047
SSDEEP

768:9apTBacnEud8lKNOCvROtqI02SjN6iXpryXE:9apTBacnEud8lYvROtqI02SjN6iXpryU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{4E0689CC-8DEA-4393-9909-EACC43A58770}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1456	msedge.exe
1456	msedge.exe
380	msedge.exe
380	msedge.exe
5764	msedge.exe
5764	msedge.exe
3128	identity_helper.exe
3128	identity_helper.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exe

pid	process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 380 wrote to memory of 208	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 208	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1036	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1456	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 1456	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe
PID 380 wrote to memory of 2432	380	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\68946598c64968b6a12daf1ab00c6d1e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd077646f8,0x7ffd07764708,0x7ffd07764718
2⤵
PID:208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
2⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
2⤵
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
2⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
2⤵
PID:1804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
2⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
2⤵
PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
2⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
2⤵
PID:1144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
2⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
2⤵
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6544 /prefetch:8
2⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6676 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
2⤵
PID:5988

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 /prefetch:8
2⤵
PID:5896

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7932 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
2⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13663897274677208332,9343967677144571047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7748 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4784

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
330B

MD5
ae1bc6145db3cf395d8f440349d3798a

SHA1
0c3a6c8a1cf91d088439fefdaa601306c526ce7a

SHA256
faba340001c554365e62f91f07dc9b3fe5f80707cfc99d195bb8414ec4f57812

SHA512
0c04352c814e49e2246c42e77c6b208b46b45aa38f1336ef8a3f88a7767ea3f4d53576928c41ca18f8e53f72f5b9b26ba4e3c1444f2b8d66b5ae6d19a23870ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
b51498a577f8748a4feec47a5a67e90d

SHA1
4af46bc3e1f3afd646c8b905de95f2129ac2d097

SHA256
bd371b91b4981c81b8dd686abf0b3d08854bc37cfe36d514696c1d8d8a315e18

SHA512
fa78ad7eee830ccccb4ac4cd529f9870c1259ba34de879c25a89302288d1dabb06e1c7e575d04d2c5bcd0901cef6d6ef016f3c2aa598899d215105df8c165cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
2a1134572affe61d822c594dcb40a9e2

SHA1
71a0c1d1e8ec8742df46abb03a1ca214fe4fef56

SHA256
a8755cb3ef588f7a8041b7a7e322faf36dfb3d1a08302dcc59cad40b8e166c95

SHA512
4d40fc52bcdbbe4c9dc82f241bdf6a65fb6769c55ec4761b8a44bd4f5aa593adb3aa0cd7551361f9578dd2c30215d3fbe293f5e6259eaac8b68b4a4e39d5a2e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
0c2d0f6500f9790ff332ca7c5cfb5c63

SHA1
c13a69cac36ac2ae6fa5a97614dba5bee8d67bb8

SHA256
7a3b2b5fd0d627297d495b2d3521084d8efee3763eb503d8030eea076d1e8035

SHA512
6861606a380990588bd910cc09216de602a9b09b235aa2f4098c662979af7d8f3016ca23834468a6df851182714acd3ebefad6e23e0e89761b6d9332577fa4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1d448c459a631b4ca1827d05d8c35069

SHA1
13596402bfc556ad22890447923f493aad211bdf

SHA256
c1be5dc166a47c6b8d3a9c788aab114b01065ad289e420c8ce542a984f6cfd8d

SHA512
ed7cad0b3c82c193326dd9b29be3074fbe0cb4fcd3622f91aa8d6ede15fb629558c35ea83b006766c94b6cd247fe245551c54afea98c482f8b57944fee406a06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
be28e3c2987a062dc7d2a20efe410c68

SHA1
024eed548dc601f3c40ee17a330b4eb60f77823f

SHA256
2500189c92e70a2bdf314537e1ff5746a3665f8df9015bb8407d74bcdda4ff4d

SHA512
3e6b9be0c5687ac94b9dee598291cd56566de0197e8dcdd18ed54c6189c5352481ac7dd4895c42f4671fb424c50d128365e7975b54d60ad346e2404a64331b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
31e9c445a6028f37c1d1a1a7d0d13809

SHA1
d8977b9f72e54ad6adfcf2453e37c6cd901f7419

SHA256
f75447aee72be8e0f2d8b8b2295cf4072ae6b488bca868a9f88c48f0995bf0fb

SHA512
43fd38fbd790bb4e703a8a32e54af629320735a19d940130388bbc35bfc3c9de4a442bdb7e7a7c035f9d25a4e0f2ebb28e7ed9b6467037ad0517c8d364e7553f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a00ed4ac1ed46c0e7b4071889f04eeaf

SHA1
dec072f936e419780657f8b191115310c327c951

SHA256
127c957956096d2199e060de49e1e688de04eca14c2c7ee3a61ac480164c57f8

SHA512
838ca53078ce8975b5192edbc18590bf335cc067876127d6310dc76577153c7c49e11895cd0e08a86191c6078fa3aee9cce0d1cff88e74d8ef5762ec0f44072f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
240B

MD5
ebb44f00a28155f25b5027f7f67c2863

SHA1
841a4eba2e68ad8dbd9667457093df087b7d710b

SHA256
22c219eaa4634dae6e3cd3319266af0c007b5fac0a2f61c75854bca026b2afc7

SHA512
a17df3f9fa67d040d481d5d47fa808ef564a45d2770277acb1a1cf55661b39dc89daada690980d527453b8b1eaad06f88cc906d51ceb70604ebd592a60f8b95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d0cd.TMP
Filesize
48B

MD5
ab24ecdfedd702ff0b8ff995b48a51c4

SHA1
15b1186e24475d9fc2782df0a25406da9b9b94e4

SHA256
d21bdedc028750f443584c29d726717b454a38f50466f7c1b68ac3ea03b6776a

SHA512
114d134356f44d2d976ee159dc9d9569b8da652a44e4236f9d48b8fd5743bcf5849d8235faa63f29d9b423da7ed5e5c2e3e91188c01b23499c4d05ab7ac4473d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
c4059ab373641a045e3aedbaa7066c00

SHA1
f2f1b11546d2600a60764178bf9322677d212d0f

SHA256
a0f1984feadda801b7f67b540bd2ddc21ffdbad96ce7cdc5162a2e54f540986a

SHA512
53b1b54a66faaecc6f8535491c2afd8f4443615a7a7b7275af54f53499d08bb59a1e1f944c21fbe017bff1ac99479b4382320005a1e7c9c021db22ce9c63528f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a642.TMP
Filesize
6KB

MD5
98199be85ee34b2aaf864513ada50ec3

SHA1
50b353256f49a6c935b76b3871a771e1a03bce71

SHA256
dc67240c80db1ce0839c4d5abb0df297fa067b203e4da39c6ce51ef8ec66f1cf

SHA512
4974f8a95412c8df4966a3c4d79ef54980bfac69c84fd92c82979b2f642ed9b9aa4904343cdece6fa436b2741fffb3b19821cd2c67ac5567b9b09fc93e4016e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
71a957a2ab5b170f666f935b3c590253

SHA1
af8511c3bc0a0b8f33a5f601deccc549d7e97360

SHA256
ab3069eadfa46c5c213a17cdaa234632a630114e015d57ae8925e7a0abbb3a28

SHA512
442ee7005538cb1ef6ad33938af2750eeae98975665962624a65ec832d442e2dbe16e3f06c6c485c779df9a8b3d98467f0152797bd5e207dece98fe6c1af0ffd

Download Submit
\??\pipe\LOCAL\crashpad_380_EVDGBKNGUDBSYSAD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit