4aff974db2413e19562609cfa92f7a0c22a1f392c6b44fc0305740f79f323e9d

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 17:11 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Funshion/FAQ.url
Size

56B
MD5

d15739018b4c6fe7090cf40a34e8c0c5
SHA1

201546c57fe04ece7452e3c24b452a18b8142c70
SHA256

1d8c255067ce85f76a89b779078801bae4a0f5fff79b2bb4f6ffa76624a76058
SHA512

4c00d30c547b871f02cf99adb197bcc05da1f6fa89a811010edab176ad3ff4824faf530bf8c2a66ff94186ff3fc8ce032442500da7e28516b70686f42adb1570

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
2020	msedge.exe
2020	msedge.exe
2628	identity_helper.exe
2628	identity_helper.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 548 wrote to memory of 3768	548	rundll32.exe	83
PID 548 wrote to memory of 3768	548	rundll32.exe	83
PID 3768 wrote to memory of 4996	3768	msedge.exe	85
PID 3768 wrote to memory of 4996	3768	msedge.exe	85
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 5004	3768	msedge.exe	86
PID 3768 wrote to memory of 2020	3768	msedge.exe	87
PID 3768 wrote to memory of 2020	3768	msedge.exe	87
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88
PID 3768 wrote to memory of 3472	3768	msedge.exe	88

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Funshion\FAQ.url
1⤵
- Suspicious use of WriteProcessMemory
PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://movie.funshion.com/help
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cce346f8,0x7ff8cce34708,0x7ff8cce34718
    3⤵
    PID:4996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    3⤵
    PID:5004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:4040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:5056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
    3⤵
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
    3⤵
    PID:3084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
    3⤵
    PID:2624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
    3⤵
    PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
    3⤵
    PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
    3⤵
    PID:2572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2824 /prefetch:1
    3⤵
    PID:3452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13720447162569550723,9039692750932526254,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4140 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

Network

DNS

149.220.183.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

149.220.183.52.in-addr.arpa

IN PTR

Response
DNS

192.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

192.178.17.96.in-addr.arpa

IN PTR

Response

192.178.17.96.in-addr.arpa

IN PTR

a96-17-178-192deploystaticakamaitechnologiescom
DNS

movie.funshion.com

msedge.exe

Remote address:

8.8.8.8:53

Request

movie.funshion.com

IN A

Response
DNS

22.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.177.190.20.in-addr.arpa

IN PTR

Response
DNS

google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

172.217.20.174
DNS

google.com

msedge.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

172.217.20.174
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

movie.funshion.com

msedge.exe

Remote address:

8.8.8.8:53

Request

movie.funshion.com

IN A

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

movie.funshion.com

msedge.exe

Remote address:

8.8.8.8:53

Request

movie.funshion.com

IN A

Response
DNS

187.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

187.178.17.96.in-addr.arpa

IN PTR

Response

187.178.17.96.in-addr.arpa

IN PTR

a96-17-178-187deploystaticakamaitechnologiescom
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

movie.funshion.com

msedge.exe

Remote address:

8.8.8.8:53

Request

movie.funshion.com

IN A

Response
DNS

131.72.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.72.42.20.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

149.220.183.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

149.220.183.52.in-addr.arpa
8.8.8.8:53

192.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

192.178.17.96.in-addr.arpa
8.8.8.8:53

movie.funshion.com

dns

msedge.exe

64 B
131 B
1
1

DNS Request

movie.funshion.com
8.8.8.8:53

22.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.177.190.20.in-addr.arpa
8.8.8.8:53

google.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

172.217.20.174
8.8.8.8:53

google.com

dns

msedge.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

172.217.20.174
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
224.0.0.251:5353

592 B
9
8.8.8.8:53

movie.funshion.com

dns

msedge.exe

64 B
131 B
1
1

DNS Request

movie.funshion.com
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

movie.funshion.com

dns

msedge.exe

64 B
131 B
1
1

DNS Request

movie.funshion.com
8.8.8.8:53

187.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

187.178.17.96.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

movie.funshion.com

dns

msedge.exe

64 B
131 B
1
1

DNS Request

movie.funshion.com
8.8.8.8:53

131.72.42.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

131.72.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95cb7d0206e9117653d10937aa5d0d5f

SHA1
8593a3d4ebdc1a6a9c6867cf24170e6ab5dee601

SHA256
f9d8b71534e7410b24b5fb8a33355445514153dc71985a1771cfe8c721c4918e

SHA512
d53e6d301621662d33379cdf7bcab53d23443d0b1e7235fca719ab6b01c55237e105afb4bc9a2dc62cae2e99544963da42f44fbe5b1ff6d8163f053f851b80db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93084494854280829344abd9f9de1019

SHA1
47314e44bdc1565e342973ebe8632d3913673aac

SHA256
f58d992c69c1015ca1c10093cd9e95f723ca8cbc1988fee58c0b46b52e8c1fb3

SHA512
ab9c7392ffa038b6568626f5e8016c4f9b69f4db0ca6f1162bc179418e4d74b1ce87c60a8005e5e10dd50503f59f6f5ca3e23b1e52fa1c366e3c118f86e9ee55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d6706f0958a0e56420d0a6301c076c46

SHA1
701f5a40f0fcfd091d1941655ebfbafa4c0746ea

SHA256
f1fea1c87b8b39e12e5aa1032cf729df0a62493e653d82236873c70e6dfe6e9d

SHA512
490a1e6e1eeb6cff7431b03618987c2c71e1128d63be6f0f651e2cec6c89cb10e9ac1339eae75445c7654d0d6c5e5b7d5011a3e79d1dbad6736e97e6c45bc3bc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.