553795cfe1917dd97713c269a08ad13779266480716485593d57e0d75ec062d6

Resubmissions

05/05/2023, 19:21

230505-x24drsgh87 1

05/05/2023, 19:18

05/05/2023, 18:18

05/05/2023, 16:22

05/05/2023, 16:15

Analysis

max time kernel
153s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2023, 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

login.html
Size

26KB
MD5

7e5cf6762a08294f83a0f55de39172b3
SHA1

a20cb9e9865ee546d0bdb399a8245e79a82ef0b4
SHA256

553795cfe1917dd97713c269a08ad13779266480716485593d57e0d75ec062d6
SHA512

3e5e78014ae703661388403df90ca9f333d1d692eedff6e69a682b09064f81e0faa7fa0b654cafb471e9addb30d44cbc5bc3a5d58fd8c39b56099a2c6f50a753
SSDEEP

384:1V77sGGzK+TpQn7M9cyqy/f2f/Yb6WiZsffGfMfgW3syZj5XCqzGX3f:w+scm2f/Yb6H+3UWgUsyZ98

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 15 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{73A174F7-EB8A-11ED-BDA1-F6AC10968584} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73A174F9-EB8A-11ED-BDA1-F6AC10968584}.dat = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133277952241910081"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4156	msedge.exe
4156	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe
Token: SeShutdownPrivilege	4420	chrome.exe
Token: SeCreatePagefilePrivilege	4420	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe
4420	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3832	iexplore.exe
3832	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 2660	4420	chrome.exe	85
PID 4420 wrote to memory of 2660	4420	chrome.exe	85
PID 3832 wrote to memory of 212	3832	iexplore.exe	86
PID 3832 wrote to memory of 212	3832	iexplore.exe	86
PID 3832 wrote to memory of 212	3832	iexplore.exe	86
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 4232	4420	chrome.exe	92
PID 4420 wrote to memory of 1928	4420	chrome.exe	94
PID 4420 wrote to memory of 1928	4420	chrome.exe	94
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97
PID 4420 wrote to memory of 3240	4420	chrome.exe	97

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\login.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3832 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  PID:212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa91339758,0x7ffa91339768,0x7ffa91339778
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:2
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4696 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4316 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3456 --field-trial-handle=1772,i,4281590682056551482,15957113034605533215,131072 /prefetch:1
  2⤵
  PID:5600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fortnite.com/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa8e2a46f8,0x7ffa8e2a4708,0x7ffa8e2a4718
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15053918226619241213,14563959958167460973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,15053918226619241213,14563959958167460973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,15053918226619241213,14563959958167460973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15053918226619241213,14563959958167460973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15053918226619241213,14563959958167460973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15053918226619241213,14563959958167460973,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:5292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
852787b31b87ce784723461f89ff23e3

SHA1
21fabf29240aa0430073f4cc70344c020ccab59d

SHA256
95b0b0e9d2f83308f5fccd22dbc6557b098fc93bd5946cea53cd91372bb5721d

SHA512
0e2d7e209d418620d3d1e484c20e621d55597801e317a05c98da6929fa7ce7ad8bfebea4c37ee4f338023c270d014b9d7d47a6f361974f9d994cfa80844f4221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
a21bbc3dc55fabc2fb9f4f8508744e39

SHA1
e2641f6590e7bfef52ba54096ab572bd77c8dacf

SHA256
f40b31dbadd05fb8b205b4424a1f62ecb61207959f3c74a5e577cf541e945aeb

SHA512
6546150fbca1cb539c575bffaec190a4d5a3d4a22e04b3d75e5f69fc8d3af386a4c2369f9322194736b36a4467e1a652daeb82874ce8b38ea93162dba271b97c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ebe7f43f158ac9c3a191e8ab9749944e

SHA1
1b2e64cb12feb1dd302767a250320dd7633b5edb

SHA256
a86f4f2cef12c8b0d957d46471bf4c56f97d5a3c215af226dc3848440e55d6ed

SHA512
4daeeb8bac63b72b51ea56379b72c0d5b616988bd148bbd03406f82e328b62c05356d1cdf5937c6b736c3c5ff237ccc673dc3e787123882d71637e568b3a9070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8db2988447b7f2d3038b55f05e6602d5

SHA1
c6be1c110734f79d45688f3064e1fbf3c3282cd1

SHA256
64866dda78c69a27a88e2e0b6b358511d689591381778abed43b839a59c6867a

SHA512
9096bda87cf1dab744ca38f4314de6e8f3b430d931464a15813ea7ba6f789dad3e10b7011ae4e2dafeb200f6afaf02ba0486af908e4f8a76849d5da6bb313a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
cba8a12338e7d4734f3a5e6623b26465

SHA1
1b726367af8d7f79c02494856c2b1d0f44412219

SHA256
da7eca5c56db6e47ceb3ffb3e506d7e46f70461ef1af3ab5361d0b0c866671ae

SHA512
832c3611f88eac6c78cda236f7c4511954ba4031f336ec301b19b1f232449a51f90f799ab8f616f0805bf71e00e3b80fdaf3793b5c9d764b8943a3ba3ea21f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a919a3250aec1981f928761a4ff0eaf2

SHA1
1f9c88ddb37ab245e4dd7c88ed25d0c940a5802a

SHA256
3d83ab98e4021095c28c7e777e1fa7ca667abf899c3ef648b943be074ebea05a

SHA512
f8886b89c20ada65c0d59c3457e8ed27888aa745f500b5d8cf622a80fb3a005ac97af8db8b01423e29d1004f49ac7ecf469c82a650454837a613b9b8f9ee4377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3ad95a4416ff41454050a5d1d23aa51e

SHA1
f30ba2f6208a1cd66468231784e7d3209db62cca

SHA256
6f33405a3c920916e8564c671909f6f2bc4ed440f0ec4ff65200875d7f72f167

SHA512
c165fd71444d85e9d5648977be75c7418c23435c0556c68f0828db0c23b28cee0a3963e6ef5f446ef8aa4c34d8e4458c5394b646758db2e8c47f8369748810e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
03da9e478db08f19263edbbb470a89a2

SHA1
6a117851f0a19b37163c6b16217a444185f970d7

SHA256
f3ac53b9aee59a5b7c546d2ac2877ab9765fb3c0edeeb1ff808fe100441a2da0

SHA512
49984d9fcfe7651d291ad8dcca862c54a442419eaa5d740b86c1166a5c63a66ee9c108bdf14e45e40709f7a54a8bc21f1ee42f73deb0c095a7b5b93ee62dbec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
761790c4564eef97aa52e662ab4d43ee

SHA1
68476557ac418a83973bd67f35c3870ed80ee07f

SHA256
732a059ff0f17782062b27ebd306b62f86884f2e3fefc9024b6afb72c2c76706

SHA512
06ab6f0e6964d73596e9ae538efcf0b21be040dc323187645d7812560cb29a0c30774a02d00be676df5bf4f392a9b32ea79ee51d4d9f6cf41bdf303f70a40512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
761790c4564eef97aa52e662ab4d43ee

SHA1
68476557ac418a83973bd67f35c3870ed80ee07f

SHA256
732a059ff0f17782062b27ebd306b62f86884f2e3fefc9024b6afb72c2c76706

SHA512
06ab6f0e6964d73596e9ae538efcf0b21be040dc323187645d7812560cb29a0c30774a02d00be676df5bf4f392a9b32ea79ee51d4d9f6cf41bdf303f70a40512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
23e5f7107c1791706cde8b7bdc7365e0

SHA1
2cc645168672cc26001087bab14d179a75f63d08

SHA256
4919834f7d7cf1e7420e290012b99b620d5012f76a1833330af738d0f43c54a0

SHA512
c316c569ac424e5e91abd85c8b5dbf642b4269cc7624ae762134aca4ef95b7d6756ca8d479187fc659dfe2765526d2a7ecca9068bc8b7761d9117f7f3bef03fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da

Filesize
19KB

MD5
f823b1baf3059d9268ac79d37703f83e

SHA1
e5c0f14692c934234c6697849d900e671bc1a7b0

SHA256
0529b8c3441c5ea9f35d0068afcf7cac6611891633bd6f840eccd5be0461e476

SHA512
45c3d4293e26bd810e0e62f4783813975cb1fd120b44d2218c5b3548bfb743e4ca83df69c7e51a9c8bfe3fd8d809c3b3ec4654249b0734007a46ac50c630cbc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
9ee02ea5af1a109419573cb06449d51a

SHA1
6ac8bf185db3999a677300b346639120fe0c699f

SHA256
532381260a864027a78ed353866bcbdfafcc6a67dfe4c9e975506b5d56499117

SHA512
67796b11806ce3e46299a86c0e1aefc2250ef0ebebfca145eb2c680f025e5b2b14f2acb8b16eb436975dd09c58aef37c9eed245f17f9afbcc4e0680c1975214f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe590620.TMP

Filesize
48B

MD5
0f0c69a42ec751a466a84f1d0001d163

SHA1
9f77352eb6ba42a376f7bdd0217b161b341d1db5

SHA256
99ba61875bbcc683e3fda9336321a31b3850086aa1113d19875c021f9c63cc66

SHA512
3c9f1d80cbc39623eefb9623f109e5bdfc48948ddb10043330c7f885be5a6859d9e020d15d194c803e4dd29384fd9c67368054a2a7d43da148676088b2373d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
c0a58bd36bf594713aacae428e35175a

SHA1
60f08ef788039eacdaafd806465a865256e00116

SHA256
dafac6ea497117ba29d10bedaf43dd9313127ae99794e6a6336a2b23212514d2

SHA512
0c0f43557041cf78dffad17863bdd4a08fd7c49974f5b99078fc9fa27d83601cb0ea586d8b1284796d6f0041d0aedd4724e84c43970fd7450cfb61901bb05dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
25130547b8ef1609f2a42b08c74a597d

SHA1
ae682a929e8c03ed0111c1118e4cb06a628706be

SHA256
e84869bdc470cd3b4803488e42f8b9bab96d7fadcb837607f745821fb06cc86b

SHA512
cc10393474d609ae1c2f608338432b978180bcc4c9986c7efe289a7e0cb4b06bb368d115b53e3b40a89400bcdb4e52cbfad180a528f0016c2ef84ce3d086fe89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
565addb33444e8ebfef5587deca39412

SHA1
ff37e7f52d51fe3a33bad4c688d5494f8cc4b740

SHA256
1aa9ae67fc2072e13649fe8db13d3dd385b65a07e0e7e8b9475126a83ab8a8fc

SHA512
6b5eb141964a0b87c12164543fd8d52fb0ba806787f244a98d1419246577dcd78e872c992b9a5b5adaa1c63959fcc38681d3f4259048497d6aebfb990d630577

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e5ba0451ff36f3ea9e13836ff06ff26

SHA1
29d9432a220b56a8aff2ec973bd6006dad895117

SHA256
be939c53dedb05948868aab0d04a7a31d9883884262e1da601e23cf95ca80951

SHA512
10247ac659e1ad79d1984e617f9ded79cbddfe9c69177968f385729cf7d934c3ca82d4da8ad5dc025336b2ffdb0fbb7629fc0c400896304a5a71a001d030ee9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
462f787657812f8b610b39ce16ece3f2

SHA1
af24a33d3913effd564d2e38033203b439655c12

SHA256
b29a70132af556757e68e8435b29cf9c2637f6a0b41b5f67c20e1dc18ad50f2f

SHA512
1339a8cc4e895691286fcf8862dda91d0df758ea0b2009bcca7797530fd07da87d2df6fa5d0ab4c1ecbbfb55ac2e22881d2009a79af50cb19f7a424c931a3fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59110d.TMP

Filesize
204B

MD5
228928bb4d9d380768ae35fbd172f6e9

SHA1
92a56fb11a460f531d752cc89ed78f45426a996e

SHA256
223e41118dea1f2c4d50bfd23e4b1099a6ea43281401116ee88796ba8fed8210

SHA512
bd7a3e998586b611465542d1e5266c457dc66250e1f773d97334335b061a8d404d9df180c6d4baa91a3279d36a471ce9c8809006b8701fdd3f6a4df5a5590f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8c4c9bcf39ab427054cd81d30b200605

SHA1
abdb344a43a579ac9abf31f5c8e2be21142ccd3e

SHA256
5ac316e1497cd61731c99c51ac83af8e48dc7a6bbb6482a701316bd51dc382d4

SHA512
ef1e01d9e62905f5f60a2f107151ea8af187ddfd429538077153c74ba4271c6fa685a52d9c1ef9f82f9a477d64a8804aaa10cf3b47b165c6be9eb2f5a871bd7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
71fbc5981782e05693e9b69c0e07566b

SHA1
5269ad644516bf13c005549ae454afc8aa1215f5

SHA256
589281dacd794b6c0174e748a4505b896cf3e4814119839666d8c52cb5146d6c

SHA512
3fa92194c9646e6c196f0598b2a697655b50d2fd8d4ea325c947fd16c744897c64322e6bc1bae779f3d7cd511b0b185a2642a7bd98d6196f6bc0621563f05a89

Download Submit