89a9d544a83979ba64d92ac44d86206cf9ee489a8c82351f21e235df93bd5ac5

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea12ab6862249d003130a0ee6ecd0d1c_JaffaCakes118.html
Size

131KB
MD5

ea12ab6862249d003130a0ee6ecd0d1c
SHA1

fb788961925dc6ea5b818bab73c2c526912b5579
SHA256

89a9d544a83979ba64d92ac44d86206cf9ee489a8c82351f21e235df93bd5ac5
SHA512

524e48db2b66a229593b9fdebfb113607623aab8fa9ab3ea1fd21e03aa8f6fbd03eb06aa8323bc5a5bc8e889bea7ddc10e16b67a4e3a8f5b668b95f67bf69fc8
SSDEEP

768:Edk1ATx+Bw24Tp7IogTnAejkPwnO6oa0//PrSeRnwim8Qx8bWfMaYNTdVwXCLDD0:EL+ogTnzi6oJ+eR5ZWXCLDDNcDOuIV4

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{18A23B24-01D0-4975-BBA9-7510D4D804FF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4220	msedge.exe
4220	msedge.exe
5116	identity_helper.exe
5116	identity_helper.exe
5852	msedge.exe
5852	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 1752	4220	msedge.exe	82
PID 4220 wrote to memory of 1752	4220	msedge.exe	82
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 3288	4220	msedge.exe	83
PID 4220 wrote to memory of 4920	4220	msedge.exe	84
PID 4220 wrote to memory of 4920	4220	msedge.exe	84
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85
PID 4220 wrote to memory of 2412	4220	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ea12ab6862249d003130a0ee6ecd0d1c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffdfad146f8,0x7ffdfad14708,0x7ffdfad14718
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6752 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16529432090157527887,16724726742372411923,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c48431a9637c60544241c77a1a557284

SHA1
97b487a144b794a3d5ddfaabb4b73024f12c49da

SHA256
e1d9b51a518a97a05b6370ccb871cc88e24858f2f09760652dedb9f2f66149e3

SHA512
4cc67ad521f1ed6bebb002b92eb3a87284ce218280a6c64377752be5c30fe49edf976ae68a70a23d6254a9fcbc0bbf436c67167bdcac0f83546330a82dff7b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
f5e81cece13fff413fad7f03236c9e9e

SHA1
e3c6f46314f1805e74f10a7d64ce0c2235c3ef2c

SHA256
2bae12beb75a72c863dc71b3817c4a6dc4260d5bd17eeb32fc3da2a1cfaf20b7

SHA512
994379f84195a1ed0d53dddaad4f5fe21fb94105f8cf060701ce053600934bd27ba2613867d50b028bf34ab7da75024687e31c203902dd6ac6878ed9fac888db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
786ae500e478e55fc114d3b3a0f8dd50

SHA1
745dcddb1376cd011620db6ffee34de45c86bb6c

SHA256
fce5d8a8e3513765dedfffa5da87f68c352de1537e01e22bceb3ac3a707bb22d

SHA512
5852b203250b755470cc39729b4cd6755cb4492771688b472ee3179544d8775a43453e57c0345cbfc910c1524528db43ed3828951d551bca81505b615faa8554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
a90d001b3df2b3aa24dd9ea989d2955b

SHA1
0308a61ff316ec10e598314352936273eedf0eef

SHA256
defc50144226cac0778b6ac6b283a7a2fb28796a96435dc4f361931d90ca5b82

SHA512
5f8a68ebc7b2c3c4b3e12e56849188cf4f826fda625308c79de436d158c19123958f1bf22133ea1b03f080a9528e47f16da94aa8dca72d709b755e42036477cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
2d15778ef44fbcf409323df5b87e4533

SHA1
1731405b793eb2a1e21c1582c95e63fba292a34b

SHA256
c42ae2c2739eb72b6c72be4d933a8e2063838b7048c1d135280d0a97639aac1c

SHA512
fbe3fdea6de512eee8128d4db5a0ee188ba963d6c38f328c87d7887a81fe5b8432ce095a37f67264b4dae706473643a5ed2fc9536ee654095fd7c0538de8f1a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
408efb46c2ba8c12be426443a967602f

SHA1
aedec05360941b93e35a7262ccf970ff4198c128

SHA256
654607e5db7a3090a4bed74f0f7585b08ea2c9a2d2645ad6a644d148c0908154

SHA512
d6fedd95342d7e05f90d92a50656ceed1a83a397887764b6832f6b70a46b34e85fdac235b62de7b6f3f71f7054d4f73ae06f4cf3900f7aa55cd9bad5967b8a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
81d0e6b01f1b3fb964f73ed433968c35

SHA1
aae89fc02d60a0d23b92ebd0d0256504a10b1711

SHA256
ea82aa8a4755136acbdf673713db31a786c2a034a7e120839a1316e1a3f9622f

SHA512
5d04ee8da4b0807b833917527c3ea6b4519f87ff7f407da7a9d851a8bd171ffbf3d7764ef4352cdfc0a5c6238401b521e15a8ce93d930abeaa33370f82b7794c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34598eb37dd5672cee78802647bcb494

SHA1
3adaf9e3bd5b24e29e59dc109493fded0e5cc4c3

SHA256
0d537ee9892acaa96bb008fd2db9936396cb7f69f61fabf23e24131f6888d5ff

SHA512
d8a62e35c58109bbead48acfe9cebee7614d7b06c87e90e236d2c5b21b5b896923b5693957826ad6d5c6d8b0cd23607f957c174750220095ad380c73f35894b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
e44366593c4863d9340188f180ac6a3c

SHA1
df962cfb7395a5072144e1bc92aafcd3d881f49a

SHA256
41e5a637c72ba5448ea7bdef44c713c9cb6062dd478c784cd98fa03a3d8a2bb4

SHA512
d8f4b937897fdaffecb34c19a2c1326e89b4189126ecd36ffb849856a10c11f0d3b477376657460d781559a4cc445b4a671f56899941a80d0ba75812e19d3505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5835b1.TMP

Filesize
48B

MD5
af5af85edc433b0ab84c110ae7f2d118

SHA1
69e959fed61e84501040023137e75157521fb718

SHA256
3fcc873923e87a19201174b6db36eaa812a3cbbb3dbdce6862141c2fbb9911df

SHA512
ec185231779b68a26014ca3bc06461fed7c01f1d947ddcaf10ecc4fc4a1202749ca80dd6008dddb014c522759af319c97f6b6c252d4fc7c79bc4254299b0d411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
68610251b9afeb1698b62c78b2d90edd

SHA1
cff888b82140c0d7d1d1fb9496546b3709de82bf

SHA256
98199f98825b612440ceb21246f3d56315c14ddc663cdeb9ce89aa6360923d9e

SHA512
0d06d3c29960c74635b1efea3cdae61133326a76ed5aa5c79d530b4e26062b9fe149f026bc5ec09ef5e53926cfc0cf2fdb477c2859d1b254df021e007a1d98aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
2ec22cf6654d9c116be97cbe94d08794

SHA1
6aa0579b83ced5d756dff1e397809141fbfacd30

SHA256
e3fe38aab71bae8163dd1707540368b1f9517af4711afa4032dc2ad9b269fd77

SHA512
b980572349662ae50afade6bb4ea31fa4769a42a740ba701a0387f870eee7b6f6b1f47764f0e30718389c82cc2e08fd80d2804ef92ee9adc66da7c1aba0604e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58170d.TMP

Filesize
9KB

MD5
108e0720465ad7e388f512174f4f37c6

SHA1
681ec9fb54973d6b20256520d6cfd2d66c8af84d

SHA256
62a6862ddc18ddb070bd5c7dd023b72846f52493a7bc6e00ffcf8d2773132177

SHA512
760223da85fdc9313e4b9ba360da3cd6618a361a07f7563c44894d009e31eb1525b83f21648ca831ec16d9824542f39809819d030b6e18df24d0f1bd5dd7dc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
04650e0f6c35fa9b8140d1d2218e9aeb

SHA1
2b208d7b0f738a9bd3335381a8bfc22687297764

SHA256
b580c5d78b331f37434a4ca859552b9eef7b6bb3d6b4c903c717079077627be9

SHA512
8ab086ffdb656aadbd55bf865a2a9f94f12558d0f81e487a381aefb6a972eb7c4d9b3d4c0b5e142971a4bfe5d11af8f4142bd7798e7241117637b97bceda3665

Download Submit