Analysis
-
max time kernel
13s -
max time network
23s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
06-11-2023 21:31
General
-
Target
cc4864a25a305759921b73d753116873493f2c526a396839d4da6815492299d8.exe
-
Size
1.2MB
-
MD5
b1f83e9820b9f3b400f60518dfb91752
-
SHA1
d972600bce4e8088653818631a780124d4f6dcc4
-
SHA256
cc4864a25a305759921b73d753116873493f2c526a396839d4da6815492299d8
-
SHA512
38ba007ed3706736fad09af460352a2b8461205d2c2c98c198dbdc46a4d4bbf5a2944cc1b98449294e0075980320b358a00fd1874b3fd1512bf667421462546f
-
SSDEEP
24576:30GiHzb4k86BkR1VwN84Eru0i/LDSDvXKSbJ7:Jqzb4V68T7hi4vXpV7
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cc4864a25a305759921b73d753116873493f2c526a396839d4da6815492299d8.exe"C:\Users\Admin\AppData\Local\Temp\cc4864a25a305759921b73d753116873493f2c526a396839d4da6815492299d8.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/download-wemod-trainer.php?name=elden-ring-trainer2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffe695546f8,0x7ffe69554708,0x7ffe695547183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5440 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6632 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,228651874200417697,7476218121479011754,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6580 /prefetch:83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/download-wemod-trainer.php?name=elden-ring-trainer2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe695546f8,0x7ffe69554708,0x7ffe695547183⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
717B
MD560fe01df86be2e5331b0cdbe86165686
SHA12a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23
-
Filesize
300B
MD5dec6bbe308eb44937f77160a25ee32db
SHA18f08a4b641b564b67205e00106ca6bd9ca46fc6e
SHA25668a71de28f488586c2b169f4652347e0a1fd632d48a6d6725393607bfa18bc7e
SHA5126c2d684af52588cfd34a682337749b829c2336b34d6add7e8bd6e0c641862c26889617b4d6e9f298fd177b89527deb696c493a205ea8490bb8aee60090a68475
-
Filesize
192B
MD5af31c615369d24045d0a1da0612854b2
SHA10e1017fe9cd5420d25538d6ae19277e307cb8f87
SHA256ad5ba6ad4f6266d9a9878bd393528da057306ac156e1fac7d0027b781ce43ed9
SHA512f35585c137d33754731e6f3b7a07b5e37bd46cf574a76165daf8be3f25ad9b98f384a841ad1729214a31c4b6fe6f3e954f91fc33b2e7b0283822462ee968c90d
-
Filesize
192B
MD5ad8c63998cb90f1ad76c69c715fdabff
SHA1660598c01f6d016f1e9090ad65c7a2373ff0086c
SHA256e6aa94b2410be53520aabff2e1b3b74b15c8b67e7c30a794bb2664b07d8c8016
SHA512b647841471af7cab25ee4ef5199f30ac6088f983fba520ace89a9c09284a086bcb96f80e5b9f0756a8a3fb908342ea6a85cefb31dd466bf24ccc3abfc12667f2
-
Filesize
152B
MD56dded92ec95cf9f22410bdeac841a00d
SHA183c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA2561840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8
-
Filesize
152B
MD56dded92ec95cf9f22410bdeac841a00d
SHA183c32c23d53c59d654868f0b2a5c6be0a46249c2
SHA2561840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e
SHA512e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8
-
Filesize
5KB
MD5e0a0a56c069fd8fb6f742d1ca9e4b6d1
SHA1815f5818e237d86061a7184274b90f968e1f2633
SHA25610be3c579d2fc015219de556bf70bd49bc19be924c411fd31edc92194753c0be
SHA512b53614ee32b881ecce7fd2e61c6cf4f177eb4db1637bf382ff5f0e869208fd7b16e89abde91d555924f64998086a149acdb58caeeba02028047e50ca79d51a6a
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
141KB
MD5eb6a6be0d1c968f84ec9981235b8887c
SHA197299f31cc1b6b1f6f07afb028bdfb098fe109ec
SHA256883451c49142ed318ca4ed31916985bbf9eaf0069febeb93d8c8b5594ac23e07
SHA5121a35957bbe22cc9254944e2d96e4ea4ad30369a713e48ff4876203e2b0940fd67c8af8578c97797a676883c90da5ebbea428ae05bb6a69897f86bf0213bbb4c8
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
1024KB
-
Filesize
64KB
-
Filesize
248KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
1024KB
-
Filesize
64KB
-
Filesize
10.8MB