07e49f7cbb4ede01ae4dd4c399d3a7e5846e3d2085c3128eff881e55cb7b1a0c

Analysis

max time kernel
56s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2023 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

realesrgan-ncnn-vulkan.exe
Size

5.9MB
MD5

159c4671f4ec7dd6e119a99e00ed3fc0
SHA1

ad56db08001a816070fa44a41e6dc34bfb85a0ad
SHA256

07e49f7cbb4ede01ae4dd4c399d3a7e5846e3d2085c3128eff881e55cb7b1a0c
SHA512

9c6ba20e269b771c9d8f11ff6d3803f0e2a9badff1191a7c3b2e2ab674d81905f2cb54dbf4b4d5cdbdf3ef5b02ddac7e87a7a11058c4ead08dec89243adef124
SSDEEP

98304:rfpKKXrbsQ4Gk6KIZtGUD1WHzpd7GfKQxTbKxtMvq:rfpKKXrbsQ4rIZttD1WHzpd7GfKQxTb4

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 376 wrote to memory of 1460	376	msedge.exe	106
PID 376 wrote to memory of 1460	376	msedge.exe	106
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 4284	376	msedge.exe	107
PID 376 wrote to memory of 3416	376	msedge.exe	108
PID 376 wrote to memory of 3416	376	msedge.exe	108
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109
PID 376 wrote to memory of 3940	376	msedge.exe	109

C:\Users\Admin\AppData\Local\Temp\realesrgan-ncnn-vulkan.exe
"C:\Users\Admin\AppData\Local\Temp\realesrgan-ncnn-vulkan.exe"
1⤵
PID:2908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta335b343h05f4h4f03h85d8h2cf4d33e251b
1⤵
- Suspicious use of WriteProcessMemory
PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbcf2a46f8,0x7ffbcf2a4708,0x7ffbcf2a4718
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1488180829955635979,13960367048606566942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1488180829955635979,13960367048606566942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1488180829955635979,13960367048606566942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
  2⤵
  PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
6424156292514a77d737bfa8d4da4c88

SHA1
6ede5c0e93828fe2873b337a6b1d8bf4f94d5686

SHA256
761f115ad9feb3421276eacc4487f0cf566558b00abed46059de6f4a02a9883b

SHA512
6f4aeeeb9ff05d63872f414dc28424a90b2027ad9e7abf52b44954b3ef5d9e0dfc29ebe7d78f797ffc50bfbda0d5d6d19421e11c2559cd1f368dab5c25ee4371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
3KB

MD5
a674e02a6cde93c7fc9cc5caee788a34

SHA1
c6c44a7a1bed6f47b862b2156f0d746fcd13e445

SHA256
5bbd5b1abaadea9d3c1d543b4f00e5e3633ea92adff7bd312642aa2abbc330cb

SHA512
1fd07f6de96445cecf6539d182bb75249639a613032ea21105b0cf9576ee583c5aa2e9ad1235ac2888baa3e5533dd0bced7a47e9954246aa7172860235c52a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
48e911f0875ea8d34ecbec1e1406526f

SHA1
f9d2ccde55c254305b3e602ffc03ca8145e6942d

SHA256
51ac9fff4b613d97d618d505178a3e0cae95d6086270ce5e97defd1eb964acea

SHA512
59d90cd117fb3d933883edfd3e1f0bb937da4797444791293efc58fa947e58c93ea2e6479baea634fe3091f6a8954b1fa50ac4946e8e3847d4c960a59450bd7c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads