33ee4bddd3c96819543221b4ecc7a52f3030890551d2894191cec3344b5d45e4

Analysis

max time kernel
150s
max time network
147s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
29/05/2023, 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fatura.xlsx
Size

51KB
MD5

9677c0bea1dc80647dc75522a28a5371
SHA1

2047db0561d479320ad7dc74b543f49ae2b82259
SHA256

33ee4bddd3c96819543221b4ecc7a52f3030890551d2894191cec3344b5d45e4
SHA512

b65897dfd61d158cabe9f925510ce45ed4ac492ff8e5e04d227b9d74f35789c7377fac8c99a9d61c23115fbfc30f7772398aa862ac9e04aa77a12582072ca331
SSDEEP

768:mIgTcNBVbOxexMJE6PMMMMMMSUUfw0lWY5zWCF9FhjPp4UoJ4x9/:Mibysf6PMMMMMMv9Y5vF1jRdoJ89/

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "154399"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "262258"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "322424"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "508546"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "536518"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "14444"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "556672"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "560085"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "483129"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "539252"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "91164"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "104804"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "177659"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "202499"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "265144"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "427802"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "438650"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "497663"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "548287"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "28161"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "81862"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "136226"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "491230"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "9467"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "123848"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "222661"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "551193"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "5024"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "40177"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "55139"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "194193"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "136227"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "238322"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "266600"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "208164"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "131827"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "94074"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "119591"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "260796"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "449754"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "513721"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 0100000075e6dd4565ff22d31331c0d0fe28932ccd9b4a0c6a2f03808ab0ece66c79e63b263b36f09aa0dc898c6c4cebc314130602f9805874b7d71704398b8e077f8d4272490dfb921683b9a6292156487d8f0ab4df6edcc9a3e6b1ea9212ca701274116fb09f377982438c4e085cc49682169201ef5e44c0159427835d6d643a52353d1510fa038402b99037a7cf771e45c09b69c79f96882cda5b4239a4de255f78c6fc08d1c382b70d5624a703ca90e42e50e2083eae1508b9bde0c5e6e20e59ffc9d23a55e639c26459b0a8cfad4881ab5078535d4c5ec9e21e56a3afc4636070effc45d37c1e415041ed4a6cb1f33adcd7e0466eb4e08e96d6237206175a94d8b7b5c90c61a4552c6bd72dbbfc4a312bab7983a4da9279a637e4d1a54a1515be94b366fdeb851e0fc898f1d3cfa5841eda1ca8472603a9985212620d64090340d0babca53a09bd3107543741fc2f55a74fba5651bb6c3e720e69c462bd017e22454b6bb20833504b14029d926eadc2bf31242e665b65584086b1968ad408a696e92613a812b1f880e214c4c8cb23edb112abce37d3c6165fc5184d3861c7e2ec755e3d402b3fb2	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "322424"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "464126"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "476002"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 3df8bf635a45d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\share-doc.app.box.com\ = "49286"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\box.com\Total = "49"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "6473"	MicrosoftEdgeCP.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3688	EXCEL.EXE

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
3120	MicrosoftEdgeCP.exe
3120	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4776	MicrosoftEdge.exe
Token: SeDebugPrivilege	4776	MicrosoftEdge.exe
Token: SeDebugPrivilege	4776	MicrosoftEdge.exe
Token: SeDebugPrivilege	4776	MicrosoftEdge.exe
Token: SeDebugPrivilege	4848	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4848	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4848	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4848	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3364	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3364	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
3688	EXCEL.EXE
4776	MicrosoftEdge.exe
3120	MicrosoftEdgeCP.exe
3120	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72
PID 3120 wrote to memory of 4848	3120	MicrosoftEdgeCP.exe	72

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Fatura.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3688

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4776

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:324

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PC8JD7GN\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\28AQH54R\Lato-woff[1].css

Filesize
265KB

MD5
e1e5023a4d0b29824c8a6937ed303b03

SHA1
93159ba90e4aca126c45282d047e4e1d544ad100

SHA256
80745e4a131f2f16302232f53845bfa223915a3465369a40a9aa777d2c0a30bd

SHA512
09a87aa0383d5e78faf21cd63e4ee6eb875ac39f52aaf0805224ddfe39b56e91eceea743b811c2c8473a0113bda678c472ead4feca207004a37699d051ea68b6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\28AQH54R\app.3547327650[1].css

Filesize
43KB

MD5
acacc405341b856508b5f88f096a3888

SHA1
70f6bd87567fa6e60dd2dd55a6dcfd3d740b1f58

SHA256
cba6ba86024e2d3dff8069061cdaae34c9d1feba6ac4fc2dab9384b974b790e9

SHA512
2180264831f2e50f2459e396bf7607b50350c6043d000d9a7e5a91baeb917afff504bb6eac791351014007bcff681ca86d4f9bd4e236a0ee50a14bdc55156672

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\348PWGRC\app.4d68f8fc39[1].js

Filesize
24KB

MD5
0c30a2944bb89c0a45be6aaa3fc8b533

SHA1
1b0ca4937bd30bc8c18fcf84a324087c1410729b

SHA256
662975fedb790a43c0ab8e97371871e5a7af44d841a2ba637f59caaa32bcdc7b

SHA512
fa2c5c7d4ea26dc3ac5b0dc8f5524e219d7de4aee3e1804de3842341ecd3d37c39423835e1ddc75f89d0576222b03da5b7512ca044bc02e768355fc3010fafbb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ACD45OGJ\runtime.f10bef9e43[1].js

Filesize
35KB

MD5
50cfcb7ab2e3330f9e3390b58429f08d

SHA1
09cbc957425b5ec75b6df4da9465409c1cb31efe

SHA256
229013b08c67a72ca19f486aece9518cf274b462ef8134ceb69858c0dadbd92c

SHA512
883d36aadae5b2ce81412cd554211adeb7228e5d5561202f40f438caee247e0418dafbdc3dbdace2cc5a75c16a548586bd6cff24eb9a4d0a4e59b9518390db01

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ACD45OGJ\vendors~app.ecec4b0150[1].js

Filesize
129KB

MD5
df89c4beb529975093e2fd2cbab59333

SHA1
7ffe9ae59a65d1f05896b1f5877c84994b49d424

SHA256
8ee1fc9180e78ab58568a0133279d4f01bc1899f00cb38e85eabd93807f0caf5

SHA512
82f614c9d494237902053b46b5e504f1bcaa496319503c97e1514333ce37ba3e99676c45e3e15f55400ce5d0cd63e2e9e12b72fb1bf61a6899f18c33c8053b99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GACRONW1\lang-en-US.3b86fb1df2[1].js

Filesize
445KB

MD5
2dc8c32db8b74847a5dc9188359e2d07

SHA1
5ad306d6a92c922f89b289c612427f54147d1e14

SHA256
5cdf6cd95dc765643c0f21117911482a3150cb534a33f4160ab19fcafe8e9b99

SHA512
81ab09ebed40a373d264ab620ba4c39a8d9c78edd1b32407f9776547abf52c1594d615e231e22dfaf74cdd19447dc75cfa5826fd2a3a6c26310f0bf4d3aa4dfb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JB3826L0\share-doc.app.box[1].xml

Filesize
115B

MD5
5031dee4906ff7c637a354a1dcb3900f

SHA1
681f7e146855d424c73c05564bcd486c9f8688f2

SHA256
98a65d9812cb8b648082e666dc4f4951ef4c0c61d18d5c4a8aff8ab67a1c3b52

SHA512
6d05bd013c7057285e9fda8e45c77c17f9caa77c8e4a0e622cc9fe1adddddac174e4646ae2708107f76d7352ea50c71428a44d992312f580dbfac339dfa64855

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JB3826L0\share-doc.app.box[1].xml

Filesize
115B

MD5
5031dee4906ff7c637a354a1dcb3900f

SHA1
681f7e146855d424c73c05564bcd486c9f8688f2

SHA256
98a65d9812cb8b648082e666dc4f4951ef4c0c61d18d5c4a8aff8ab67a1c3b52

SHA512
6d05bd013c7057285e9fda8e45c77c17f9caa77c8e4a0e622cc9fe1adddddac174e4646ae2708107f76d7352ea50c71428a44d992312f580dbfac339dfa64855

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JB3826L0\share-doc.app.box[1].xml

Filesize
143B

MD5
9b8446d9ea3f52ea31e4f1256c3c01e9

SHA1
f334d0609563870a8d7cd415aa11648e1b2fb694

SHA256
47260211bc2a6c04ae1de65bc93a5b35d85d9ddef9cdfeb727fdb58f72b588a1

SHA512
c58bd4a8d3309dead39eca6ffdd417dd65312e825837124887fb1f53013061342de5b833a0643489db43d5200dc6a7aaf0cf5edbe48499cf08c20428b3b5e92c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JB3826L0\share-doc.app.box[1].xml

Filesize
905KB

MD5
e611d6911ffa3d4d940b6f3c56548463

SHA1
cbeceef8dc4eff76cd769e019cb2ade0d157cb09

SHA256
c88d57dc91f3f14d5fc13397a1791c537af52dd4a1596eca27b7f24a1dd08391

SHA512
9f27fa868b795a161123b2db4398b674104c50ddace5a3133ef6001534b3a177fb958bf7f3845fb2f682b350b52cf622fb043f1c10acc624d87f4fe0911c5555

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JB3826L0\share-doc.app.box[1].xml

Filesize
905KB

MD5
e611d6911ffa3d4d940b6f3c56548463

SHA1
cbeceef8dc4eff76cd769e019cb2ade0d157cb09

SHA256
c88d57dc91f3f14d5fc13397a1791c537af52dd4a1596eca27b7f24a1dd08391

SHA512
9f27fa868b795a161123b2db4398b674104c50ddace5a3133ef6001534b3a177fb958bf7f3845fb2f682b350b52cf622fb043f1c10acc624d87f4fe0911c5555

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6Y2W7YC8\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FPTKENSI\favicon[1].ico

Filesize
14KB

MD5
2a913ca63e1456f6bcad7e5501ee2665

SHA1
375dc98eb99ce4512add65d90530a3e67264e67e

SHA256
ead499d8460ab5491c4353ef571093af930b7e22efb947d073710a2350ec53a3

SHA512
cbfb98d2db05099c3f07228c97f010e573578b6445bb5f64d81b2368603b0ee86610ac5826fd12225b6efecdbb1af99820564cb2237651a3bc9c6faaed47ecb3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
memory/3688-119-0x00007FF970260000-0x00007FF970270000-memory.dmp

Filesize
64KB

Download
memory/3688-129-0x00007FF96CCA0000-0x00007FF96CCB0000-memory.dmp

Filesize
64KB

Download
memory/3688-573-0x000002800AD30000-0x000002800B96F000-memory.dmp

Filesize
12.2MB

Download
memory/3688-117-0x00007FF970260000-0x00007FF970270000-memory.dmp

Filesize
64KB

Download
memory/3688-118-0x00007FF970260000-0x00007FF970270000-memory.dmp

Filesize
64KB

Download
memory/3688-128-0x00007FF96CCA0000-0x00007FF96CCB0000-memory.dmp

Filesize
64KB

Download
memory/3688-299-0x000002800AD30000-0x000002800B96F000-memory.dmp

Filesize
12.2MB

Download
memory/3688-116-0x00007FF970260000-0x00007FF970270000-memory.dmp

Filesize
64KB

Download
memory/4776-394-0x000001C02F450000-0x000001C02F452000-memory.dmp

Filesize
8KB

Download
memory/4776-353-0x000001C02A320000-0x000001C02A330000-memory.dmp

Filesize
64KB

Download
memory/4776-371-0x000001C02A800000-0x000001C02A810000-memory.dmp

Filesize
64KB

Download
memory/4776-440-0x000001C030830000-0x000001C030831000-memory.dmp

Filesize
4KB

Download
memory/4776-395-0x000001C02EF60000-0x000001C02EF62000-memory.dmp

Filesize
8KB

Download
memory/4776-438-0x000001C030820000-0x000001C030821000-memory.dmp

Filesize
4KB

Download
memory/4776-390-0x000001C02A4E0000-0x000001C02A4E1000-memory.dmp

Filesize
4KB

Download
memory/4776-392-0x000001C02AAF0000-0x000001C02AAF2000-memory.dmp

Filesize
8KB

Download
memory/4848-462-0x0000015146890000-0x00000151468B0000-memory.dmp

Filesize
128KB

Download
memory/4848-518-0x0000015158AE0000-0x0000015158BE0000-memory.dmp

Filesize
1024KB

Download
memory/4848-528-0x0000015158AE0000-0x0000015158BE0000-memory.dmp

Filesize
1024KB

Download
memory/4848-541-0x000001515B0E0000-0x000001515B100000-memory.dmp

Filesize
128KB

Download
memory/4848-512-0x0000015157CB0000-0x0000015157CD0000-memory.dmp

Filesize
128KB

Download
memory/4848-570-0x000001515B1C0000-0x000001515B1E0000-memory.dmp

Filesize
128KB

Download
memory/4848-491-0x0000015158500000-0x0000015158600000-memory.dmp

Filesize
1024KB

Download
memory/4848-474-0x0000015157720000-0x0000015157740000-memory.dmp

Filesize
128KB

Download
memory/4848-429-0x0000015157140000-0x0000015157142000-memory.dmp

Filesize
8KB

Download
memory/4848-630-0x0000015158AE0000-0x0000015158BE0000-memory.dmp

Filesize
1024KB

Download
memory/4848-427-0x0000015157120000-0x0000015157122000-memory.dmp

Filesize
8KB

Download
memory/4848-425-0x0000015157060000-0x0000015157062000-memory.dmp

Filesize
8KB

Download
memory/4848-699-0x000001525C7C0000-0x000001525C8C0000-memory.dmp

Filesize
1024KB

Download
memory/4848-697-0x000001525C7C0000-0x000001525C8C0000-memory.dmp

Filesize
1024KB

Download
memory/4848-707-0x000001525C7C0000-0x000001525C8C0000-memory.dmp

Filesize
1024KB

Download
memory/4848-423-0x0000015157040000-0x0000015157042000-memory.dmp

Filesize
8KB

Download
memory/4848-421-0x0000015157020000-0x0000015157022000-memory.dmp

Filesize
8KB

Download
memory/4848-419-0x0000015157000000-0x0000015157002000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads