hxxp://memz | Triage

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://memz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983843758-932321429-1636175382-1000\{F1315C32-B651-4BEF-9141-7EC055865E61}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe
928	msedge.exe
928	msedge.exe
740	identity_helper.exe
740	identity_helper.exe
4444	msedge.exe
4444	msedge.exe
3968	msedge.exe
3968	msedge.exe
3780	msedge.exe
3780	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1812	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1812	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
1752	MEMZ-Clean.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4664	MEMZ-Destructive.exe
496	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 3192	928	msedge.exe	85
PID 928 wrote to memory of 3192	928	msedge.exe	85
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 2060	928	msedge.exe	87
PID 928 wrote to memory of 3356	928	msedge.exe	86
PID 928 wrote to memory of 3356	928	msedge.exe	86
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88
PID 928 wrote to memory of 2748	928	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://memz
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5f4546f8,0x7ffa5f454708,0x7ffa5f454718
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,7421269960299514700,3414021648870114218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3824

C:\Users\Admin\Downloads\memz-master (1)\MEMZ-master\MEMZ-Clean.exe
"C:\Users\Admin\Downloads\memz-master (1)\MEMZ-master\MEMZ-Clean.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1812

C:\Users\Admin\Downloads\memz-master (1)\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master (1)\MEMZ-master\MEMZ-Destructive.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4664

C:\Users\Admin\Downloads\memz-master (1)\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master (1)\MEMZ-master\MEMZ-Destructive.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dd4cc97d2e066344bd1fbbaa39277b22

SHA1
3ba852ad2d6d0ecef75a25b1915f0520e6926c24

SHA256
00ea43fc55c1328e8230f0860f2317501be8be3145b2676e8356107da2601efd

SHA512
7c4e66676f0c1624b0aa4dc99eab2e1fe1f2dd224a4e87ba63d02741ccd420f003da41878282a554c85af91d5d68eb42c640c970d694ed3efd5b3bd05b61856e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d0b2b39dfe5bddbfaea9a832fadbe2ed

SHA1
4a47d2833d126716fcbe3b69666128209b0faa09

SHA256
c819d1bea2a1685ce9289ef7c605f8d241a6d652312d3ba3aa5450d50e565e5d

SHA512
34a4f5e42955b70236559f50cb488492dee9a94a64324f3730104b6f69694cda0f3a4f227153b4b8cb67faaa78421c3c6a671ac8163f8b3ddffd96e12f6d5f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a48e4039dcf42038de30397ac114964

SHA1
f2292d7c9894874cb2415a5f9bfbe830b610ebdb

SHA256
48192d6ff0ad72fd1822daed19ab4f14054baccb78209965f5dd05f8a5e147ae

SHA512
f87087b9a0cd17d562477cfa3208342b76d568607b28d482772446003a849e77036756130f733c95faabeb06c0caa658e812bf24a8b406692eac79c1ba225509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6536600cd1bcbaca142047c220c182e0

SHA1
93ea9a3b652da0dddad8b8b7f3b6a18621de57f5

SHA256
128da36120129a76602ae102bcfc348ca70fe6d47972e2b655885ae9e91f75ce

SHA512
f23be08972b2a8d9b2b1f2b849bbb4b13c5d41aeb7a1dd923626678d1f792202aac708c91efd4b844b5ee7e169dacce9b34704ac3ce1d788e1d7ab4b252fd67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ba2c2316541d6cbe604ebae59155bb02

SHA1
f62822427bc4f2c3eb69f5a050ae695c6a9b5fdd

SHA256
830e71263182cb8124e2f82d236299713b6d69dc0e530738ff25bb535a11c2ad

SHA512
68e29bc732d4e70e3231ad7e63e9b337f8769abe39f110190749e76b1e7f0dbeaba89b5e720aa948643b77e5afc518376c287f1772baab5c3bd89f6842de7ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea81f489b506ef19d717519f4a95f27f

SHA1
f98864613b649c7b72eae5eafb6a872137b3f73b

SHA256
1fb75c11dc089c90cdf354d9ae579a2c8a2d52de0694a4d6b955523a378c6ab5

SHA512
ddfccb820ac3b3f16b0dbd5d1279141b35c160611f8b597c182014f80f1b1782781c49c0bb8dffbe91655b44263dd9751986a705cee96e23592111339fc7d4b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ae91988adeaf9a623b227f4a86746c94

SHA1
8bc71751964f9e83c9240bc030efb214332056d4

SHA256
062f037c37da4f170c478ba71dd1a375b783808bb812badbceaac5aef047d842

SHA512
549f16421bc72aa8565354c8619f352087db94e49a8580623d3d4507fa670344f97a292b649458e34f8fa2e33a394a5525919a8bfe9100f1cd69b499d3d2581e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e8a3f5849a88e6c4715d1586be054bb7

SHA1
b53ae13e682dfcb5b769b82a29abe8abb55fc1ff

SHA256
7e7d73490c74f197441434a531ab1b50c3e39f4338251c79cef9d3a706ecabfd

SHA512
3a4caf03bdcbc90b9147e4e898d8241765cd2f1fe0de4126900b8eaffd9710f029adde0e439fa6ab55678a65ed0ac08db00e5d7c02c5f66ac2a9ea3a79579cce

Download Submit
C:\Users\Admin\Downloads\memz-master.zip

Filesize
17KB

MD5
4790677e05d72ef7429dddf35562bf4a

SHA1
4243d6ea53db7e8cc0c355e70d6cffb54787b90b

SHA256
319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96

SHA512
a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3

Download Submit