Overview

overview

8

Static

static

3

d70538a893...8e.exe

windows7-x64

1

d70538a893...8e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-08-2023 17:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d70538a89337700429a5dc1e826efe52a2bf589180e6eeeecb0f2a307a04de8e.exe

  • Size

    11.0MB

  • MD5

    26e3b4123297525118fa13af2f9e2507

  • SHA1

    9b8b35c58012b57462d44a12dcf37a448b66774c

  • SHA256

    d70538a89337700429a5dc1e826efe52a2bf589180e6eeeecb0f2a307a04de8e

  • SHA512

    729beb27706a627dc3601e02f79d40900fc59718519667fd98cd05c009be2c79a385a91b2ffec6f03614effcf35d8c06c547ecbbc131b35203d98986179004bb

  • SSDEEP

    196608:OQCmc4P1RL9ulekT9sI0qDZoDj1nplKig1Z2luVbB2az357CAXFxn3KcGrol:OQCiLulecjDGDj9plKiTlEt3t1XacGrG

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 57 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d70538a89337700429a5dc1e826efe52a2bf589180e6eeeecb0f2a307a04de8e.exe
    "C:\Users\Admin\AppData\Local\Temp\d70538a89337700429a5dc1e826efe52a2bf589180e6eeeecb0f2a307a04de8e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4012
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x86&rid=win10-x86&apphost_version=6.0.16&gui=true
      2⤵
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3736
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa0c3046f8,0x7ffa0c304708,0x7ffa0c304718
        3⤵
          PID:1712
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4288
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          3⤵
            PID:4596
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
            3⤵
              PID:4832
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
              3⤵
                PID:4180
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
                3⤵
                  PID:3680
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
                  3⤵
                    PID:3660
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4760 /prefetch:8
                    3⤵
                      PID:4676
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
                      3⤵
                        PID:4840
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5780 /prefetch:8
                        3⤵
                          PID:4212
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
                          3⤵
                            PID:1656
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
                            3⤵
                              PID:3060
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
                              3⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5104
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
                              3⤵
                                PID:1668
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
                                3⤵
                                  PID:2076
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
                                  3⤵
                                    PID:4360
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
                                    3⤵
                                      PID:3112
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12448827658202900590,3724584886021726191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4944 /prefetch:2
                                      3⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4432
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4924
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:1148

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      70e2e6954b953053c0c4f3b6e6ad9330

                                      SHA1

                                      cb61ba67b3bffa1d833bb85cc9547669ec46f62f

                                      SHA256

                                      f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

                                      SHA512

                                      eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      312B

                                      MD5

                                      d1b903171f4cc49cc399d40483909241

                                      SHA1

                                      f4b91f3ad1c44a6fac6e755e49f1b1995d8909ab

                                      SHA256

                                      32b78989899e0af1d587e5343bfbefa20cf7e134ac1cc6bd87cab0999eed86b8

                                      SHA512

                                      72cbba5904309c03f5d27c012ce629a2d298a481f225a065a23e41136bf12b7b993a8695eafb75748221008ac2f95232595308376414b538f41609363bba7208

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1002B

                                      MD5

                                      6d5f948ebad2d55685e6c3387e7ad43b

                                      SHA1

                                      6559f54d289ed6b036b15e851165786214024fe5

                                      SHA256

                                      bec82800574c926dc70a0163e34cb62e499a77135268324de2d81a171bf5f6df

                                      SHA512

                                      64d43475b05756424d65cedc7115b8777d06057422d9b8f2f2eb83c0522a47b4cdecd166052f8091c5756ac7d588b3156a5021a335dac3ead25be607b99c4ac7

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      902B

                                      MD5

                                      8fa597590c57afa65dbc96e92be6b738

                                      SHA1

                                      155f7d47201a5397580e04c01620a494c40c6289

                                      SHA256

                                      b992114bd0432d0a8f301e36f5f897317181219182d2d3cd5543d200d7d68056

                                      SHA512

                                      a283d61a902113874f71dc4a771bbded88e32b34d8fd65aeb0d89363e8eb0769160b7419291056bd68cab94087b12f310262215218976c6c31cbf758354dfd09

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      641dce8b55d8d69704b26bc25b48f23c

                                      SHA1

                                      d400644617338fe722c5e30d6b58b4f2af2b06f9

                                      SHA256

                                      bb76d9f16ede4890050bf836c51949a0ce376e4a184c1652fe0b1c863a0bf019

                                      SHA512

                                      b04ff5395e6d4ea2ea148622ffed40bd2d7da2398e6aaaf2ae97dc8c447b8f3b2e5e1eb381e60c44258a4c13c45a6d84c8637cec3b0aadca0417829a0ab8ccf1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      3d952920f2372eb66756a38db1e78371

                                      SHA1

                                      a35bdbbe0248672fc106b37ecbe5885515615d19

                                      SHA256

                                      377a7374f75cdc4ef2845f2b45adaf152f2d578585ef23bc4eaa76adb0f0e519

                                      SHA512

                                      bf501ec07d4dfc0b53ff6a4bf6007c24c84a68a89ab669c5537d2e6ff6109be8f0c7ddae941aefd1c22db8cfce12bbd563342cb3a215a2d31cc9eae5d6651833

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                      Filesize

                                      24KB

                                      MD5

                                      5a478f1e08816969e8214f982850b754

                                      SHA1

                                      1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

                                      SHA256

                                      665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

                                      SHA512

                                      7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      707B

                                      MD5

                                      531255514269a59359f8589836147ee7

                                      SHA1

                                      3e3249746ae225da662c2d6158314f3d3f20547b

                                      SHA256

                                      2a11f61e3bf1f35655532cb9dc27a0b1b2cebabf21d90acf978ec9d16d589293

                                      SHA512

                                      c6281f6b0aeb29b396555780a7fabd7cef2d4e1fb3ca3a74ec8521f633cee58eb5412907e0b2036fc24e4af0ad3ca6bd981dccbc1bf82a983b4bf4be7a90a5f0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      707B

                                      MD5

                                      0988fec963badc3dcbfb2a47f7ba83e0

                                      SHA1

                                      c32b0ddee2cc8b8b8266ae0e1f96ab55dd6b698b

                                      SHA256

                                      3de45d2b127f3b43b7146544bb29ac6bdf9f9362ba7f7e1a7e53953dcfdb8269

                                      SHA512

                                      3497fb5fc019672ac532b159ffb6e37663e70c873204bf855166eb9be6c9a62740775e091d66546e496bb4720fade190af1418282ec22483a0d1fa62a2cd5a18

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e942.TMP
                                      Filesize

                                      539B

                                      MD5

                                      d26244d9f53d82bdf7442eab8a7f21e9

                                      SHA1

                                      54d80bae56d39613b2f1ee0f3c961cd8e9e11002

                                      SHA256

                                      c41e76022720545d647332f0c0051bdb4d69b876f0d55fa8442ea2eb4de2df77

                                      SHA512

                                      c4d318f7eeb9d7add3d6d632740c45c2a07e6ccd1129710618322899558e46e87b332b3f082a63ead1cca4c8fd13530d72179841dc21ce14cc8f909b56d1f1e0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      12KB

                                      MD5

                                      77cf0850bb1a65e53cb8acaa6405c01a

                                      SHA1

                                      c4892604223c74a4ef7a55c5e99ededd6d776f73

                                      SHA256

                                      769c43dc4d92968f65c0e19fa47400ebce986cb11d86d1fd0cded1540fa6861e

                                      SHA512

                                      c33a316e3bcc4cacf79042ca7e6a45628d057be2279e26f4158723b6f75dd4226c46161a3dd829328ecb3613c221365d5fce896cb27ec10cc6585ae47944b6e8

                                      Download Submit