1d41041f8f3ee2e7657047cbf142ca5e95509194b579b76a2a59bfe294a0e7d6

Analysis

max time kernel
145s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 00:35 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce415f8486a7ae71601b298072bb1fab_JaffaCakes118.html
Size

891B
MD5

ce415f8486a7ae71601b298072bb1fab
SHA1

f12afd65e5a4cb27d1420ac1d1cd3ff7052840df
SHA256

1d41041f8f3ee2e7657047cbf142ca5e95509194b579b76a2a59bfe294a0e7d6
SHA512

ef5d286f09fa5b7c5fcd2d269f7e03c02b6b9eb96e3eb23c4cb9d529f2d091d3134a77399e9d82a5a7fd40f7f93d6fbb7b0c2d5f2661a213a0033e17a30a5514

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3340	msedge.exe
3340	msedge.exe
2464	msedge.exe
2464	msedge.exe
5024	identity_helper.exe
5024	identity_helper.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2352	2464	msedge.exe	83
PID 2464 wrote to memory of 2352	2464	msedge.exe	83
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 4400	2464	msedge.exe	84
PID 2464 wrote to memory of 3340	2464	msedge.exe	85
PID 2464 wrote to memory of 3340	2464	msedge.exe	85
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86
PID 2464 wrote to memory of 2776	2464	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ce415f8486a7ae71601b298072bb1fab_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84c9246f8,0x7ff84c924708,0x7ff84c924718
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13108073371384783913,6436206286393703475,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

Network

DNS

104.219.191.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.219.191.52.in-addr.arpa

IN PTR

Response
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

burn4fastss4tmz.world

msedge.exe

Remote address:

8.8.8.8:53

Request

burn4fastss4tmz.world

IN A

Response
DNS

google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.102.138

google.com

IN A

142.250.102.139

google.com

IN A

142.250.102.102

google.com

IN A

142.250.102.113

google.com

IN A

142.250.102.101

google.com

IN A

142.250.102.100
DNS

google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

142.250.102.113

google.com

IN A

142.250.102.138

google.com

IN A

142.250.102.102

google.com

IN A

142.250.102.100

google.com

IN A

142.250.102.139

google.com

IN A

142.250.102.101
DNS

burn4fastss4tmz.world

msedge.exe

Remote address:

8.8.8.8:53

Request

burn4fastss4tmz.world

IN A

Response
DNS

241.150.49.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.150.49.20.in-addr.arpa

IN PTR

Response
DNS

50.23.12.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

50.23.12.20.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

burn4fastss4tmz.world

msedge.exe

Remote address:

8.8.8.8:53

Request

burn4fastss4tmz.world

IN A

Response
DNS

172.214.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.214.232.199.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

burn4fastss4tmz.world

msedge.exe

Remote address:

8.8.8.8:53

Request

burn4fastss4tmz.world

IN A

Response

No results found

8.8.8.8:53

104.219.191.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

104.219.191.52.in-addr.arpa
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

burn4fastss4tmz.world

dns

msedge.exe

67 B
135 B
1
1

DNS Request

burn4fastss4tmz.world
8.8.8.8:53

google.com

dns

msedge.exe

56 B
152 B
1
1

DNS Request

google.com

DNS Response

142.250.102.138

142.250.102.139

142.250.102.102

142.250.102.113

142.250.102.101

142.250.102.100
8.8.8.8:53

google.com

dns

msedge.exe

56 B
152 B
1
1

DNS Request

google.com

DNS Response

142.250.102.113

142.250.102.138

142.250.102.102

142.250.102.100

142.250.102.139

142.250.102.101
224.0.0.251:5353

528 B
8
8.8.8.8:53

burn4fastss4tmz.world

dns

msedge.exe

67 B
135 B
1
1

DNS Request

burn4fastss4tmz.world
8.8.8.8:53

241.150.49.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.150.49.20.in-addr.arpa
8.8.8.8:53

50.23.12.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

50.23.12.20.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

burn4fastss4tmz.world

dns

msedge.exe

67 B
135 B
1
1

DNS Request

burn4fastss4tmz.world
8.8.8.8:53

172.214.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.214.232.199.in-addr.arpa
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

burn4fastss4tmz.world

dns

msedge.exe

67 B
135 B
1
1

DNS Request

burn4fastss4tmz.world

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a90b6e9dbb6d6dba4f3a33e15613c21b

SHA1
2d5e6fcc4eac96e628fad535ff06a27c88128098

SHA256
fb6a29e257e976247b92d9aea5a2e0efdb76294fa8ff41c8ed71550fbff2ad9e

SHA512
e697d0624244a899957f6ea0576690d5fe964a0259ff2f07e2f115dd7a44337beadd672681c84e2448c89dd34546e7d4d782f1b20032447aa0f1c6d847ccd3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5afebe2a904374f3b827e209b8178a3c

SHA1
b81fe25626e1d7845f89b4b0d166c3dab4bcf430

SHA256
31a7f769ff6878dbfa53a5310d545e03f1001dae11e41408c4f13fbf0c9d7b2e

SHA512
5a5fe1f0a60eabf4aa773f01a7835c360f67e3c290ffbd8bc07e7e27be7527acd85c8f2bf34cc12a96f1e95d460ab9b99e4e6ff64977ac9d91dfbbc8ea4c4e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b421e54a5153487240799dea25452fcc

SHA1
545ca9900e5cfa5f3143e02ee7182e8a34eb865b

SHA256
0a922827a8ffe34e8caafd6cef389341adb4182e958f18fdad4f026ab99e5432

SHA512
b6702037f864ded0fb5ac510f880b14ca5549b03ef9a0f2a812d7b74dd7ac3d9efd2696dba6a5ca2b5cd96e1185ee125f460ccb3718473347ee9da64b841658e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.