1c036bf953ab1a11047fa460016b7f768e71cdea9ddc2c7bbef62ab2e93f9a35

Analysis

max time kernel
136s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

pollymc.exe
Size

15.0MB
MD5

7e16ac22948dde905e026a5d90ec0769
SHA1

6557efdbd738f4f599f31cb237161cd02002131a
SHA256

1c036bf953ab1a11047fa460016b7f768e71cdea9ddc2c7bbef62ab2e93f9a35
SHA512

ce14f12b9d78a1a38f08154568e38fc5ce807c31c1e5125b2f766467c9bd29bb25b4ef51486b34dfa7647ed4c4fe505ef4f407e4183985d88a54c5f1f6925faa
SSDEEP

98304:3ntDcj467JR1ZAObJP1IHDd4oYTRnUNxOxsYOH2/nH9DdIMEpz:iXivcaxOsYO

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
928	msedge.exe
928	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 2984	4464	msedge.exe	99
PID 4464 wrote to memory of 2984	4464	msedge.exe	99
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 2632	4464	msedge.exe	100
PID 4464 wrote to memory of 928	4464	msedge.exe	101
PID 4464 wrote to memory of 928	4464	msedge.exe	101
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102
PID 4464 wrote to memory of 5044	4464	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\pollymc.exe
"C:\Users\Admin\AppData\Local\Temp\pollymc.exe"
1⤵
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault41b1a572h0c6eh48fbha4f1h0888f0a1c84d
1⤵
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffbb8646f8,0x7fffbb864708,0x7fffbb864718
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,1541896929312475110,14176925256921643103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,1541896929312475110,14176925256921643103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,1541896929312475110,14176925256921643103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c41bd07cd6358665796dec73fbd9625b

SHA1
225facbd571bf4df00846ea5458fad46fbc41006

SHA256
ffce2964eb483d96facdcfce884d7509ec42afba8dcbcccf053095f22f71bd92

SHA512
15f3c1173fc6bc1c3ff700b601342658ff8e4e07e9ec48313fcd6600ace407855014f467633435b3b5b3879f93d061760f4887f0932c995c9d281270dd1d6b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
dac09f63c9606b26f64cc7e5dcc53451

SHA1
6cea1ebeec52147f18b190a2b47816e4cf5599b5

SHA256
746b7146c820f1f4e693d8f42bb7b5aa9c4ffac3b06d43c1e61d7dc2bc2af951

SHA512
746952768b9f716f6c8f1bbc0baf5b21fc1540ba6078eece9d1c644e225aaf36dfa4108247388ee5037f83a348747905ed4ccf41fe34f5b04b74b1fdd48b977c

Download Submit