bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d

Analysis

max time kernel
299s
max time network
272s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
25/12/2022, 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d.exe
Size

5.6MB
MD5

e16a355aee8243229bc2eec7bda6e79b
SHA1

98f106c66a189615e8c0b21e674c91f3d858cdc4
SHA256

bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d
SHA512

5a11ceadadec78a4f0b61e67ab3b5ff5b17fdb441f165b2043d9e31f3602a6485d2f03478bb0cf9b0392e95dc9f3c1a3a7880a0d21e4d8037b65f5f0d6ee17fc
SSDEEP

98304:tvw163r7GK04sp4BkAY43WiPBIHHyIWd36hth1Gd0GHeLhad/fdX+IrR:4IYX2BkAYwWiPBIHH6d04iAetUf9+q

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2716	edgeTaskUpdater.exe
4084	edgeTaskUpdater.exe
1288	edgeTaskUpdater.exe
4268	edgeTaskUpdater.exe
4440	edgeTaskUpdater.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2716 set thread context of 4544	2716	edgeTaskUpdater.exe	71

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
2396	schtasks.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1760	bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d.exe
1760	bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d.exe
2716	edgeTaskUpdater.exe
2716	edgeTaskUpdater.exe
2716	edgeTaskUpdater.exe
2716	edgeTaskUpdater.exe
4084	edgeTaskUpdater.exe
4084	edgeTaskUpdater.exe
4084	edgeTaskUpdater.exe
4084	edgeTaskUpdater.exe
1288	edgeTaskUpdater.exe
1288	edgeTaskUpdater.exe
1288	edgeTaskUpdater.exe
1288	edgeTaskUpdater.exe
4268	edgeTaskUpdater.exe
4268	edgeTaskUpdater.exe
4268	edgeTaskUpdater.exe
4268	edgeTaskUpdater.exe
4440	edgeTaskUpdater.exe
4440	edgeTaskUpdater.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2396	1760	bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d.exe	67
PID 1760 wrote to memory of 2396	1760	bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d.exe	67
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71
PID 2716 wrote to memory of 4544	2716	edgeTaskUpdater.exe	71

C:\Users\Admin\AppData\Local\Temp\bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d.exe
"C:\Users\Admin\AppData\Local\Temp\bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /CREATE /TN "EdgeUpdater-Task" /TR "C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe" /SC MINUTE
  2⤵
  - Creates scheduled task(s)
  PID:2396

C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
  2⤵
  PID:4544

C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4084

C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1288

C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4268

C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4440

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe

Filesize
769.4MB

MD5
df16c1cf93ac7434e375ddcaf0548e36

SHA1
3cae04a46bf496a25ef4b66d8a4e4fdc05fbe5db

SHA256
52e1444ff5e31ad2fa90f5ec322378cec19149557c631ee0b24da76bd4d03a6c

SHA512
e1f7d81dd7a82cc866dbf26c6a47e8642091b9c8bffe9e9cb3b2e9af95d913c3e803d328cfb8cf3e8cdcb83e1474e9e79e2a5b809cb993067506cc3f897f866e

Download Submit
C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe

Filesize
767.6MB

MD5
6af8769e2eaaa68de9f5dbf007b9bec2

SHA1
7519ccae1046470825893e198785eb3174331ebc

SHA256
00720ce85d714c9a63933e8e897129c4f794d4ae658715513fd83da975744e29

SHA512
748f3dab75dc5f5064983f50c3dad4dcc1d300cfb0cb5fc003c96f91d9d222b56b1c13a6b5ee30f30fc320af6297c8766afb26070c348b6482c4b73093fba7ea

Download Submit
C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe

Filesize
530.8MB

MD5
048cd504ea5f6b4ec53e58a49b4e6507

SHA1
209dece48b47c4c6092eae4320718a70b553530f

SHA256
9016bcb3204aed7ba4cc504b7c860f4de8d63ff3ee71767c3708b2bb23e4336b

SHA512
5f7691b389b44a05c9e3147690fd304caa4144fc1710b6eb8ee4970c99cd35bd383cb81b4cdf3c9adcafd0d8f5047b64de42d65022ef9b267f1ca0f85e150d31

Download Submit
C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe

Filesize
366.2MB

MD5
2fd041b82992449a197f27af8ee6e44f

SHA1
0cbdae69499996a3a38e295b15830d6b6064d6d6

SHA256
74c968323383ecfd05b09d4c314f7ade8c1ecfc6ff5ccc0d752c22b1975b4756

SHA512
c609e679efc027c7d2036847d9409d981b8e6faa579e068946d35d8694a033b35b2da60fb94258395f29bc16d5f16528dd74983a6a44d7de62b0a886bebf740e

Download Submit
C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe

Filesize
186.1MB

MD5
8dc5ae7a3ee8ab45249c40bcde353acb

SHA1
395fd71aea64b27aa14505ada1d30c4dce970dc7

SHA256
72fa1889ac6240739a6bec362e69795ae910e080f1a025e6439df6b07ad3603f

SHA512
c4829de9bd736f8ad253593dcf270614ee6c8aeca977d4eedb466bd99038a6da1062580b6d9766f17cc556cb8e3603781c0e1e7591c2deb6193e6b919c315f7e

Download Submit
C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe

Filesize
21.8MB

MD5
346113a50cd9abff34e1c68ea1da1fe6

SHA1
994ce51aa960974956fb2c79c359c97907368367

SHA256
f13d90a1fef9bbfeb85d4ad99b45a981e882ec96e2764c48585e7b0438d3a104

SHA512
532e44d5e44c4e62f8bf7b3ec85c8070fb48cc04646e63c5adbaeb0423d3f9019dd2385761f487853d16a508cad2a2130c1787862620689c2accbbaaf77e7de6

Download Submit
memory/1288-190-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/1288-193-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/1288-194-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/1760-123-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/1760-117-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/1760-120-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/1760-121-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/2716-129-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/2716-126-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/2716-130-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/2716-151-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4084-188-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4084-187-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4084-186-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4084-183-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4268-200-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4268-199-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4268-196-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4440-202-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4440-205-0x0000000140000000-0x000000014091D000-memory.dmp

Filesize
9.1MB

Download
memory/4544-158-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-172-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-137-0x0000000000720000-0x0000000000734000-memory.dmp

Filesize
80KB

Download
memory/4544-136-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-135-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-153-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-152-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-156-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-157-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-155-0x0000000000720000-0x0000000000734000-memory.dmp

Filesize
80KB

Download
memory/4544-154-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-143-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-160-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-159-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-162-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-164-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-165-0x0000000000720000-0x0000000000734000-memory.dmp

Filesize
80KB

Download
memory/4544-166-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-163-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-167-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-168-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-169-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-161-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-170-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-171-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-140-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-174-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-173-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-175-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-176-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-177-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-179-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-178-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-181-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-145-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-147-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-148-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-149-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-150-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-146-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-144-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-142-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-141-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-139-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-138-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-134-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-133-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download
memory/4544-131-0x0000000000720000-0x0000000000734000-memory.dmp

Filesize
80KB

Download
memory/4544-180-0x0000000077850000-0x00000000779DE000-memory.dmp

Filesize
1.6MB

Download