0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45

Analysis

max time kernel
177s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
Size

340KB
MD5

12be6e7241d2503f31fae01046e88d68
SHA1

77d6871f350be911b2b5c3e16cc2c222c1887779
SHA256

0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45
SHA512

55e24f452dee15473da941c5ab18f7fa398deb4e90712d013caf6df9b21e99c02879e887f7ff9dcfed290d1d41e0131093b2905db694dd54700a4f4eddba5118
SSDEEP

6144:ekJ67YtAnSzyWRbkJbNkdBW9kqcgfiKHLHKbSbGDyBXFgKLH8LJBVYLyMHwXefEC:9J606wRb4mpo

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-36_altform-unplated_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileMediumSquare.scale-100.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-40_altform-unplated_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleMedTile.scale-200.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-96_altform-unplated_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-140.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSplashLogo.scale-125.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-400.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\SmallTile.scale-125.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\28.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\Default.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-80_altform-unplated.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\WideLogo.scale-125_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\FreeCell.Wide.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleSmallTile.scale-125.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-64_altform-lightunplated.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\tab_mru_darktheme.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\SplashScreen.scale-125_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_DogNose.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchWide310x150Logo.scale-125_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\LargeTile.scale-200.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-150.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-72_altform-unplated_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageSmallTile.scale-150.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-16_altform-unplated.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\MixedRealityPortalAppList.targetsize-96_altform-unplated.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Sunglasses.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_NinjaCat.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-72_altform-lightunplated.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-40_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-150_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteLargeTile.scale-100.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalMedTile.scale-125_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupWideTile.scale-125.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeWideTile.scale-125_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\202.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-64.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\SmallTile.scale-200_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-150_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Dark\GlowInTheDark.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Paint3D.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-100.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-black_scale-125.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\LargeTile.scale-125.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-100.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchWide310x150Logo.scale-125_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeLogo.scale-200.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-24_altform-unplated.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\pstn\PSTN_phone.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Transit\contrast-black\SmallTile.scale-125.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-150_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-30_altform-unplated.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-400_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookMedTile.scale-125.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSmallTile.scale-100.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchStoreLogo.scale-125_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-125_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-100_contrast-black.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\FileIcons\FileLogoExtensions.targetsize-48.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-125_contrast-white.pngCR	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
2436	msedge.exe
2436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2436	2844	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe	82
PID 2844 wrote to memory of 2436	2844	0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe	82
PID 2436 wrote to memory of 3600	2436	msedge.exe	83
PID 2436 wrote to memory of 3600	2436	msedge.exe	83
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 2320	2436	msedge.exe	87
PID 2436 wrote to memory of 3324	2436	msedge.exe	88
PID 2436 wrote to memory of 3324	2436	msedge.exe	88
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92
PID 2436 wrote to memory of 1592	2436	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe
"C:\Users\Admin\AppData\Local\Temp\0068712434bda717df0d783b560b312854cb7dd4cf07891fa388432717b79a45.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Greeting Card.html
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffbaec246f8,0x7ffbaec24708,0x7ffbaec24718
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5330664368978031839,9833485627223717538,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
    3⤵
    PID:2320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,5330664368978031839,9833485627223717538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,5330664368978031839,9833485627223717538,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1336 /prefetch:8
    3⤵
    PID:1592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5330664368978031839,9833485627223717538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,5330664368978031839,9833485627223717538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,5330664368978031839,9833485627223717538,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 /prefetch:8
    3⤵
    PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\Greeting Card.html

Filesize
159KB

MD5
6d07a40eec7b7afc6522652af978809b

SHA1
4b098cdedc2ca5ba9b6041e1d5aa59ebf5848ea2

SHA256
6e3eb3f36ca00a510502e71fbcf705b3c7d2c862c951c808266e47d081138efa

SHA512
2109e88c3725ade107bb84899f9a132163c905cc23f5940964839d6b55810d842327e29c6d129575472f1722dee52d1da9d8b7644ddc32c2fe2493b700a71507

Download Submit
memory/2844-132-0x00007FFBABD60000-0x00007FFBAC796000-memory.dmp

Filesize
10.2MB

Download