93fef944a3cf763c04fafcb38540b4d5093b003c92a7a4e5b8c35e254d75e537

Analysis

max time kernel
1799s
max time network
1765s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
18/06/2024, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

js/jquery.min.js
Size

88KB
MD5

34780df23390d789c96d641a8a67384d
SHA1

9d4c8d22551ed70126c6a70719a09f14e31bfc90
SHA256

45bb1422cf4a9d5788d23958b84a2fadc41462ac93396a50d09aaab92dbd70cf
SHA512

fe2140a098ec26f79ac1f9955390e57722af7d61dbfe6ffccef6da0a05e2f48bc5b91bce5d35ee814879798d77ca286cae8fc726177823fcee422c666fc81065
SSDEEP

1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtbuU3zh8cmmPMEgWzJvBQUmkm4M5gPtcNRQ0:Ecqm6U3zhICzfmR4lb3e34UQ47GKb

Score

4^/10

execution phishing

Malware Config

Signatures

Detected phishing page
phishing
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631808757150921"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\dmfweu.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2196	msedge.exe
2196	msedge.exe
2796	msedge.exe
2796	msedge.exe
3924	msedge.exe
3924	msedge.exe
4488	identity_helper.exe
4488	identity_helper.exe
4932	chrome.exe
4932	chrome.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe
2796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 456	2148	chrome.exe	84
PID 2148 wrote to memory of 456	2148	chrome.exe	84
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 744	2148	chrome.exe	85
PID 2148 wrote to memory of 1396	2148	chrome.exe	86
PID 2148 wrote to memory of 1396	2148	chrome.exe	86
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87
PID 2148 wrote to memory of 4340	2148	chrome.exe	87

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\js\jquery.min.js
1⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ffc1781ab58,0x7ffc1781ab68,0x7ffc1781ab78
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:2
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4196 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  PID:992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4464 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5160 --field-trial-handle=1816,i,15028549169511198082,429000583534685607,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\dmfweu\index.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc03603cb8,0x7ffc03603cc8,0x7ffc03603cd8
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11649205313113210328,6477987789570270761,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0194acf7-82c2-4229-bbda-0d11e4e41de5.tmp

Filesize
277KB

MD5
5b1eed755cb7233777ca42fdc4d2a8ba

SHA1
1f942d5b93b6edf1658f721b487237405c3af0fe

SHA256
f6f5861c80240d6ee255dcca0543b63ceebde5226912aab7d5b798ea65abf9c7

SHA512
16030726faa1caed6d0d6d91884bd13c3fc1716e297a4999588c4a1c8350965a5e8523342f2ef4bf9b9a69497b5c1e9cdddc94347d403728ccab0e72bb016901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
59648243b9700b8c30a9faf5d723273b

SHA1
9b7d87c95bd4e757a42bf2f75c017a429a6b0d22

SHA256
1a3af701b3c82b3175723659b54661e059d71ada4432b7bdd4dc52645e1c051f

SHA512
062409e26232d9f0b354f779f850ff0d6d6b1163068b46ce476364e0e0fbe435c04d12953c0d7d458aa4d1695ea336ceee0d009167a8f371db3870c59da35f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ac93ea874f689651242537805f61c8df

SHA1
40f147897734d2cfade2a701ca84ed0901c88259

SHA256
75daf54c0860e4668d59556e743eca79d143b65103d736aac06057fcef126d25

SHA512
0f4b28c09a1ef61624b5bb1fd286ca7a7a51488742431dac5df3522244f247c5b7fcb4fba38974d572c6b47319a30a16f29a88e1e76c6c657d0989537ec518fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
65dba9bfe20a46fc80107d99bf8e2637

SHA1
4a7e9937ccffc505edc305c0c9bf88d3df8b3003

SHA256
edb051391b0506826e1c56600625426f3cc6fe765ebbf011d87eb8bfbe537957

SHA512
e4aa6344d0072b1bb491913bf081b8d8faa9f72ac5f8b6f76619e00758e88f46a24f6399ad65175e3cfee6426f061f2f12f1615b7061f8a4ef9bbe5fb8edc6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6afd67a017b689db8807cb1a752d4136

SHA1
c045fee3aadc37593c85e163d90ed18fb813650c

SHA256
4ffc35ba15f48b57e23706039304ab13a8c13771e4ae4e7996ca65310ecdd809

SHA512
ed163b701f409d365bc13dbb6648a60673ddf6ec076f6eb6238f2dc069d9843edc897761725a36fb86ad8de29ca4dae09d70f4ac27591fa82e30b0aa663b2c9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
722110a161f833c63bdae2a6fe03dfdc

SHA1
f8a42d7dcf90be299e77dcf41b5e3a6c4400201b

SHA256
982ce583a006e2d4f092afe91e057b33178d6c9200ea999639f3b4cb6b631124

SHA512
a26bc2c60e8e48ce9c43f4f724acdaf02123b5264364e9760cf2de306d5570f06dda5507523a0573efc33595f35439460d5b6acff5291c6921d688c9e5a14527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
60a3907d555c93645e254d59e9306038

SHA1
10eb7000cd2322f8c1df74f411c8bd533985de20

SHA256
59757208a4e94918b4fe5ed32af55f1a5a0875179b77f13571ba9bc212fd8a6a

SHA512
1ce176e96aeab60132c71da95e88e21875a1dd05240f101f19c33fd485875871899c3464a9ffe4cf4d20b16433009a14c9c41b006731d613323ceb8b6dadfd2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
fc79a5634be0cb04a47f041d2a6e140a

SHA1
8d3c92575df43d3f17238330774810c73e75d6cd

SHA256
c45cf85e73dcb623402453c7f3b2dbe28b6b2e8ba5d0ef05478ea0372e626981

SHA512
ef8fab34a19171334df56c42da1808a7e590554a92e014e7149ed126f2c2fb3d6e8287b8e310f621eb8838dbec6e1487d23a4e028c498eeff0e6dcbeea4f48a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
21d6056df02cd1ecc4b4ff76a7686c4a

SHA1
ca43d531911018127cdd12724d0c46506a9b71c6

SHA256
0d966338193594cb5f8bd670011e656b542166d7fc5359780004f9b762603dc7

SHA512
e48e4815bbfe9502bec1d73495c40138a05ea73cabd36ed4af1a90d59c16bc2d887ccafd873936ccf4d883602eb693eedf53e2f072d76645f92b95c27b3f9af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
469fc00c97518fc465d6e933b0c2af0c

SHA1
2dddbc9fc6a808dc83fa185651d555e7f96565e0

SHA256
2a0b1916d0cb5933388301c6a37e0a46ab8faf61c4da8898611291e98a82e29e

SHA512
12c2762c7cb6ea78c074aafcb62f22cb5d49f966a65c97f9a0c96adedae4667330296b1da053114bbc50b5ccbc022aeaec9b85b1ae1357b46aedfe47ccf68a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ffeb.TMP

Filesize
83KB

MD5
809193721b61bb9543e202a8b655267b

SHA1
b19c08b78cd68977c7624da961b6f82f926891fc

SHA256
bcf1110cb8df112ab0c43a7524c7b3bef1c39b048de53b21ec8bcac0bb33ea1a

SHA512
697f2b120fd0981dbad6bfc37d8aec161108d94fd19566a21c41d127cba75f1f6ffaf42f84eaa1d74525316f0fd8fae55ab04c9383e2647fd6082680d6fd09fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bbfb66ff6f5e565ac00d12dbb0f4113d

SHA1
8ee31313329123750487278afb3192d106752f17

SHA256
165401ef4e6bbd51cb89d3f9e6dc13a50132669d5b0229c7db12f2ec3f605754

SHA512
8ea206daabc7895923f3df9798bfd96f459bf859c78f3e5640fad550678b5090539f2a1b590883cd9797efee999acccac16d499772f61f5390e91bcc44d60560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9a91b6dd57fc9c4880d34e9e7c6b760f

SHA1
77a09da6ef4343a8b232386e000cd2d6b9fc30a3

SHA256
0170297f0103d4e415653f86dedc31b0827580042f86862206fd3f6f135b543a

SHA512
9fc3b9be931b3edebc4a6809d62d805046bdceb4c27a7db21cfbbcb0e5e253ab529c54d64e465e60904a6ab3b83156e26b97f852c9526f46f037944f806a7f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
383B

MD5
5dcf0fc43167fc069203e1068625b9d9

SHA1
41164bd4566472cca387441ae18181b728e38c51

SHA256
6fac587f859538fba91a1668b8614de06cc83abcdf1c8518cbebb6f02e4eb535

SHA512
4da8529fc63955a63264141b8811ae125a9b5d33574815c7abb97000efd51a7fdd0b2591ad045f3eef2cad9e60ffc5b660b5f2d85294590ccaefe4ebbc31b4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
66238336ed980e269572f0e1bfeabeec

SHA1
05a194ac7b8001f24ee93c390862bd047f39f548

SHA256
ab48b535fa458bacd308a70f2e6aedb9531783a641bf2d37f10f67dddead10a0

SHA512
4e60e0854b5d4f07058c34b0411d6dab24c5845db5eacc3e2413fef368a3ed2b8c7fd46dc7d864886216faa8dbba0608a1b4aa21457266ebda32fc837eccb891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00e735f10f5e6a086faf8d5779beaba3

SHA1
ff9f8f26cced44bbc6ead3feae3b396ead3ac9af

SHA256
16164ecfad1afa9d25c27a6a39eb54b107c7cd6ebb1bf5d679b1a26db5a46c46

SHA512
af90a69b96eb30a2ee7cdd21d220fccbe911cb46d4ced7a5527495cb830d83f3f19c798a05bd776c5669fe9a6822f2d6e0cc47c61360af90f51d1422f30e5ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1bf5158038bffcc48677d3030edc1421

SHA1
73aefe609662a2e22f0d04f304cb31eaf1696c8d

SHA256
1ba6a71476910ec306614348c8c58798a4cc22356906519bf83488665a59413c

SHA512
8d983ac7b9443f6eb85469ba48e324e13390d6ba96d3b0a74d7b900caa038b3c269a970de7c0276609e3aa7280a97c1a08c73ee4f2c3bfbf6cb6dc8ed238f1c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1fc441c6a8965a13bfe9e7b8964342f

SHA1
9228db63f72b9ff920800c8c893032acca37662f

SHA256
826a32f3589fdc8e14d7e349f918e7fe07b012527504aa4603b7fd6ff82c4674

SHA512
2766c44fe8c599a8cf78a817928bfb83c34bde842c0bb78deb50e742f48bd3b8af5612bdd8020b2a601c8728f91ae1cb5864b9d58639efffc7f64420c3fd56cc

Download Submit
C:\Users\Admin\Downloads\dmfweu.zip.crdownload

Filesize
4.7MB

MD5
2398fc64c63f37f9ebb1001a52156d1d

SHA1
39b57e289f692ad0ab8fb8fe94c65762c7c0f6fb

SHA256
93fef944a3cf763c04fafcb38540b4d5093b003c92a7a4e5b8c35e254d75e537

SHA512
e79e67b07e8e847a72e43fba14040300aec0ef5b55a6a3b7f63df9b128f9870c43b0bca83e008ec23d614fd11b0693d25bec878c125f25403936a3fcee80cbbb

Download Submit
C:\Users\Admin\Downloads\dmfweu.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit