diamondfox | 7f60e7e84d3c41ba78df6718bf8b3e41af626956e56f9e98ca5a370f6ef7f53c

General

Target

54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02.exe
Size

1.5MB
MD5

d04da71fa3ec4f986aebf533c7f500cd
SHA1

351792c9d94e6fefc9ba91a12d1a220eb28eb7b7
SHA256

54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02
SHA512

713ca22d97673fc30b3d164375cf5d5629b7d6d680d82b8cb552c65592eb619735fc1ce8e5c92a93112d49baf37a24aed244f4bd721de8177d5fba12cec36840

Score

10^/10

diamondfox botnet stealer

Malware Config

Signatures

DiamondFox
DiamondFox is a multipurpose botnet with many capabilities.
botnet stealer diamondfox

DiamondFox payload 2 IoCs

Detects DiamondFox payload in file/memory.

Processes:

resource	yara_rule
behavioral2/memory/2512-146-0x0000000000400000-0x000000000058A000-memory.dmp	diamondfox
behavioral2/memory/4488-153-0x0000000000400000-0x000000000058A000-memory.dmp	diamondfox

Executes dropped EXE 1 IoCs

Processes:

EdgeCommonService.exe

pid process

4488 EdgeCommonService.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
4488	EdgeCommonService.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

chrome.exepowershell.exechrome.exechrome.exechrome.exe

pid	process
4212	chrome.exe
4212	chrome.exe
4516	powershell.exe
4516	powershell.exe
4516	powershell.exe
4516	powershell.exe
4420	chrome.exe
4420	chrome.exe
4612	chrome.exe
4612	chrome.exe
4884	chrome.exe
4884	chrome.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 4516 powershell.exe

description	pid	process
Token: SeDebugPrivilege	4516	powershell.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02.exeEdgeCommonService.exechrome.exe

description	pid	process	target process
PID 2512 wrote to memory of 4488	2512	54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02.exe	EdgeCommonService.exe
PID 2512 wrote to memory of 4488	2512	54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02.exe	EdgeCommonService.exe
PID 2512 wrote to memory of 4488	2512	54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02.exe	EdgeCommonService.exe
PID 4488 wrote to memory of 4516	4488	EdgeCommonService.exe	powershell.exe
PID 4488 wrote to memory of 4516	4488	EdgeCommonService.exe	powershell.exe
PID 4488 wrote to memory of 4516	4488	EdgeCommonService.exe	powershell.exe
PID 4048 wrote to memory of 784	4048	chrome.exe	chrmstp.exe
PID 4048 wrote to memory of 784	4048	chrome.exe	chrmstp.exe

C:\Users\Admin\AppData\Local\Temp\54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02.exe
"C:\Users\Admin\AppData\Local\Temp\54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512

C:\Users\Admin\AppData\Local\CommsEdge\EdgeCommonService.exe
"C:\Users\Admin\AppData\Local\CommsEdge\EdgeCommonService.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4488

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Set-MpPreference -DisableRealtimeMonitoring 1
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=960 /prefetch:1
1⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
1⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
1⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
1⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
1⤵
PID:3760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
1⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5244 /prefetch:8
1⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4500 /prefetch:8
1⤵
PID:4828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6912 /prefetch:8
1⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6788 /prefetch:8
1⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4384 /prefetch:8
1⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4564 /prefetch:8
1⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4540 /prefetch:8
1⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
1⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6536 /prefetch:8
1⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
1⤵
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
1⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
1⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6628 /prefetch:8
1⤵
PID:4964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4076 /prefetch:8
1⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
1⤵
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3928 /prefetch:8
1⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
1⤵
PID:1780

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel --force-configure-user-settings
1⤵
PID:4048

C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x240,0x244,0x248,0x21c,0x1f4,0x7ff6f50da890,0x7ff6f50da8a0,0x7ff6f50da8b0
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4036 /prefetch:8
1⤵
PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3984 /prefetch:8
1⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3940 /prefetch:8
1⤵
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7040 /prefetch:8
1⤵
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6568 /prefetch:8
1⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
1⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5992 /prefetch:8
1⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6072 /prefetch:8
1⤵
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6496 /prefetch:8
1⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6520 /prefetch:8
1⤵
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6508 /prefetch:8
1⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5628 /prefetch:8
1⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4468 /prefetch:8
1⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4912 /prefetch:8
1⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6348 /prefetch:8
1⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4836 /prefetch:8
1⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6356 /prefetch:8
1⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7232 /prefetch:8
1⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5304 /prefetch:8
1⤵
PID:3988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7444 /prefetch:8
1⤵
- Suspicious use of WriteProcessMemory
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7560 /prefetch:8
1⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6756 /prefetch:8
1⤵
PID:3240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4100 /prefetch:8
1⤵
PID:4644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
1⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7196 /prefetch:8
1⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8040 /prefetch:8
1⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8056 /prefetch:8
1⤵
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 /prefetch:8
1⤵
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
1⤵
PID:1240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
1⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7976 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:1
1⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
1⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4080 /prefetch:8
1⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6956 /prefetch:8
1⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7472 /prefetch:8
1⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8064 /prefetch:8
1⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4864 /prefetch:8
1⤵
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5464 /prefetch:8
1⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1604,5280732973157474417,3711850632069770481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7852 /prefetch:8
1⤵
PID:3844

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CommsEdge\EdgeCommonService.exe
MD5
d04da71fa3ec4f986aebf533c7f500cd

SHA1
351792c9d94e6fefc9ba91a12d1a220eb28eb7b7

SHA256
54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02

SHA512
713ca22d97673fc30b3d164375cf5d5629b7d6d680d82b8cb552c65592eb619735fc1ce8e5c92a93112d49baf37a24aed244f4bd721de8177d5fba12cec36840

Download Submit
C:\Users\Admin\AppData\Local\CommsEdge\EdgeCommonService.exe
MD5
d04da71fa3ec4f986aebf533c7f500cd

SHA1
351792c9d94e6fefc9ba91a12d1a220eb28eb7b7

SHA256
54cc0861c094317e4aafa4508e389e626588e1a1b6455deb445c5816ed7c2d02

SHA512
713ca22d97673fc30b3d164375cf5d5629b7d6d680d82b8cb552c65592eb619735fc1ce8e5c92a93112d49baf37a24aed244f4bd721de8177d5fba12cec36840

Download Submit
memory/784-312-0x0000000000000000-mapping.dmp

Download
memory/2512-145-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2512-146-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/3912-114-0x00007FFF8E2B0000-0x00007FFF8E2B1000-memory.dmp

Filesize
4KB

Download
memory/4488-149-0x0000000000000000-mapping.dmp

Download
memory/4488-153-0x0000000000400000-0x000000000058A000-memory.dmp

Filesize
1.5MB

Download
memory/4516-173-0x0000000007DB0000-0x0000000007DB1000-memory.dmp

Filesize
4KB

Download
memory/4516-188-0x0000000008490000-0x0000000008491000-memory.dmp

Filesize
4KB

Download
memory/4516-160-0x00000000049A2000-0x00000000049A3000-memory.dmp

Filesize
4KB

Download
memory/4516-159-0x00000000049A0000-0x00000000049A1000-memory.dmp

Filesize
4KB

Download
memory/4516-162-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/4516-163-0x0000000007420000-0x0000000007421000-memory.dmp

Filesize
4KB

Download
memory/4516-157-0x00000000048E0000-0x00000000048E1000-memory.dmp

Filesize
4KB

Download
memory/4516-165-0x0000000007D40000-0x0000000007D41000-memory.dmp

Filesize
4KB

Download
memory/4516-187-0x00000000074F0000-0x00000000074F1000-memory.dmp

Filesize
4KB

Download
memory/4516-158-0x00000000075A0000-0x00000000075A1000-memory.dmp

Filesize
4KB

Download
memory/4516-191-0x0000000008400000-0x0000000008401000-memory.dmp

Filesize
4KB

Download
memory/4516-208-0x00000000091C0000-0x00000000091F3000-memory.dmp

Filesize
204KB

Download
memory/4516-215-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/4516-220-0x000000007F6D0000-0x000000007F6D1000-memory.dmp

Filesize
4KB

Download
memory/4516-225-0x0000000009510000-0x0000000009511000-memory.dmp

Filesize
4KB

Download
memory/4516-230-0x00000000096E0000-0x00000000096E1000-memory.dmp

Filesize
4KB

Download
memory/4516-246-0x00000000049A3000-0x00000000049A4000-memory.dmp

Filesize
4KB

Download
memory/4516-152-0x0000000000000000-mapping.dmp

Download
memory/4516-441-0x0000000008520000-0x0000000008521000-memory.dmp

Filesize
4KB

Download
memory/4516-447-0x00000000074C0000-0x00000000074C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads