Analysis
- max time kernel: 104s
- max time network: 106s
- platform: windows11-21h2_x64
- resource: win11-20240221-en
- resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 23-02-2024 20:03
Tasks
- Static task: static1
- Behavioral task behavioral1: Sample Phoenix/AngleSharp.dll, Resource win11-20240221-en
- Behavioral task behavioral2: Sample Phoenix/Colorful.Console.dll, Resource win11-20240221-en
- Behavioral task behavioral3: Sample Phoenix/ICSharpCode.SharpZipLib.dll, Resource win11-20240221-en
- Behavioral task behavioral4: Sample Phoenix/Newtonsoft.Json.dll, Resource win11-20240221-en
- Behavioral task behavioral5: Sample Phoenix/Phoenix.exe, Resource win11-20240221-en
- Behavioral task behavioral6: Sample Phoenix/Phoenix.exe, Resource win11-20240221-en
- Behavioral task behavioral7: Sample Phoenix/WebDriver.dll, Resource win11-20240221-en
- Behavioral task behavioral8: Sample Phoenix/WebDriverManager.dll, Resource win11-20240221-en
- Behavioral task behavioral9: Sample Phoenix/selenium-manager/linux/selenium-manager, Resource win11-20240221-en
- Behavioral task behavioral10: Sample Phoenix/selenium-manager/macos/selenium-manager, Resource win11-20240221-en
- Behavioral task behavioral11: Sample Phoenix/selenium-manager/windows/selenium-manager.exe, Resource win11-20240221-en
General
- Target: Phoenix/AngleSharp.dll
- Size: 861KB
- MD5: ba231be096738680abadcb0504361b6e
- SHA1: 7eb1609f8643d1964ec252f897c05a10345b7d85
- SHA256: 78e304f09e0af840441733b89bb3c268109fa1c4200085a7c1edb097b6723d7a
- SHA512: 3a662033bbd0688cd76da84970d988c6932912a7cbac7f6ed1b26e32f480e9ac4866609764334a610c3b8b52de4d52c557e23d3ea111f154ff41e426d14923cc
- SSDEEP: 6144:JnFGmSD2smAF5DvLpN15eNcWx0x1DOlzWrBmXgis5zEJ0rlz6zoMJsJG/YLfjrkS:J8XlrNHwqd6aD26o2GckUMIC5Yq6ku
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Modifies registry class (2 IoCs)
  Processes: MiniSearchHost.exe, msedge.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-4280069375-290121026-380765049-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4280069375-290121026-380765049-1000\{C1E1D254-2912-4997-AF56-6C94A1FD186A} | msedge.exe
- Suspicious behavior: EnumeratesProcesses (11 IoCs)
  Processes: msedge.exe, identity_helper.exe
  pid | process
  1116 | msedge.exe (3 entries)
  2352 | msedge.exe (2 entries)
  3900 | msedge.exe (2 entries)
  1496 | identity_helper.exe (2 entries)
  3736 | msedge.exe (2 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
  Processes: msedge.exe
  pid | process
  1116 | msedge.exe (15 entries)
- Suspicious use of FindShellTrayWindow (34 IoCs)
  Processes: msedge.exe
  pid | process
  1116 | msedge.exe (34 entries)
- Suspicious use of SendNotifyMessage (16 IoCs)
  Processes: msedge.exe
  pid | process
  1116 | msedge.exe (16 entries)
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: MiniSearchHost.exe
  pid | process
  5380 | MiniSearchHost.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
  description | pid | process | target process
  PID 1116 wrote to memory of 3840 | 1116 | msedge.exe | msedge.exe (2 entries)
  PID 1116 wrote to memory of 2448 | 1116 | msedge.exe | msedge.exe (40 entries)
  PID 1116 wrote to memory of 2352 | 1116 | msedge.exe | msedge.exe (2 entries)
  PID 1116 wrote to memory of 2436 | 1116 | msedge.exe | msedge.exe (20 entries)
Processes (child processes are indented under their parent)
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Phoenix\AngleSharp.dll,#1
  PID: 2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  PID: 1116
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff87eaf3cb8,0x7ff87eaf3cc8,0x7ff87eaf3cd8
      PID: 3840
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
      PID: 2448
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
      PID: 2352
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
      PID: 2436
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      PID: 2936
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
      PID: 1540
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
      PID: 2796
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
      PID: 580
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
      PID: 3900
    - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
      PID: 1496
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
      PID: 5004
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
      PID: 8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
      PID: 2156
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
      PID: 840
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
      PID: 3108
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3428 /prefetch:8
      Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
      PID: 3736
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5500 /prefetch:8
      PID: 3928
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
      PID: 1292
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
      PID: 3904
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
      PID: 4640
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
      PID: 5628
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
      PID: 5616
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1708,3302842618967491888,4489875404943967507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
      PID: 5776
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2272
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2496
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 2644
- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
  Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx
  PID: 5380
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 11KB
  MD5: 292a2b88cdf011668e2397cbf6a7ceb8
  SHA1: 8af9c61f95239982076e9a44221a458853bad263
  SHA256: 611ce8597820e79e992fcbe8c11359b2c8db7d80471d194ccd29ac8246d15e04
  SHA512: 4fc3496867fb0780538dcd61f4a8ef8767da219c2aa9281fb7d33709e0d40283a4a660593b5a8397770a1c88f2c24176164a30b140324d1d3b5072ad1c8636c8
- Filesize: 152B
  MD5: a0407c5de270b9ae0ceee6cb9b61bbf1
  SHA1: fb2bb8184c1b8e680bf873e5537e1260f057751e
  SHA256: a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd
  SHA512: 65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136
- Filesize: 152B
  MD5: ded21ddc295846e2b00e1fd766c807db
  SHA1: 497eb7c9c09cb2a247b4a3663ce808869872b410
  SHA256: 26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305
  SHA512: ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: 3c4b04598d66e99feff1eeae780f7df0
  SHA1: 7fb96db8503c0bdd1954c44461f61f33640fb5b5
  SHA256: 76cc58578b5d7326311ae11f73ac9c16b0664db8a1efe48cebfa4f7c7f0cc1af
  SHA512: 01ad67d82cc00285ffbdcfae75c3ebc705b85aacd835f05c4eed56671b52e3c1bda9f3fde2739e5e779c46db5b85ad6eefcf865d365459c8dd41b0f333aedb6c
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 1KB
  MD5: 67e4121200c6e879c89ff10e22c09eac
  SHA1: 37e2c92db87d402b82c238e1194ab90a251108cb
  SHA256: b93594a14dd1201d1f7d084fa5751fecac10d7cb950766d214e3756a9c1da088
  SHA512: 1f24a002daaa578cbc155b6fc458f5cbcb71be052bad04c069f6a96a08425c83bb836ef6a122b859fa20fffc95948477272b0ac67282acab7b758831a1a63194
- Filesize: 1KB
  MD5: b8ffa510998fc48aea421a2a6a3fc022
  SHA1: 4f931988c4e536d0ff19b98c4ae57276fb52c823
  SHA256: f0182d5dd9a612ba0ed34a95602f1e256d13c763d6830248ad056ab6febef6a4
  SHA512: 3e5fabdb1eea986b4a89d04963bd5f24913e918ab16098f87e8e5d94dca865938e301be7293501c9b2edcd93828cfd7d331e9df4bdd31416ba2edcd72b3bfdd4
- Filesize: 6KB
  MD5: a3ffefd5e9adfdff3f59058726d1aece
  SHA1: f79e03c87a7a5b8187a195da9329ee6e615c6536
  SHA256: b4c2dca4d768a27b887814e2a03e052ad9d40e8027b154733dc502c37b3ae33d
  SHA512: ab8bc0dc8bf115598396d8a912824fbc6e1e27d698dfbea3180819199caa80973d0a69f817d6a3ab4e29e48fc0a11a1ae169a8cd97a85de655870c84c1ea542e
- Filesize: 6KB
  MD5: 25db3e22bbecd3ed3f963390bc8a4daa
  SHA1: e4ad939ae1f0a415b47477ac5f8bcc48a421e392
  SHA256: d54a20d68ae1d38047327fc3f4716f0e819d356a855785842338bd90ce3cf5de
  SHA512: 056aa5952e4b9daab8d3a02b3d8ddff9c4713b073330e8130b3833c5e56666d77f935a8226a1952aadccf220a9df146608e2f8bfb1fac4aa7d0225d0f3e9070d
- Filesize: 6KB
  MD5: d587330675dd78d44f0b583ee78c4ee2
  SHA1: d906ebc0a2884e7124a75200ecdad09d4797e5a4
  SHA256: 680d6a68f08cfb212447eddfa19a1b268b5adb2602dbab638f524017f1de5695
  SHA512: 6ae5ebbf54aa064cd1fb85286fdd0d068b5fd5adeca436db6ab9e5e3f61ea58884a3daaa1fd189731cf02deafb8b2b40e85617d2017bbc11017505e8fc1a57d5
- Filesize: 6KB
  MD5: 4e8429c1334a5f0347df162d131c90bd
  SHA1: 4778b35fc0dfe5ffd09d934ff06c0c7ea5e6ab12
  SHA256: ef9a0bc7b721b546864b56779e6f4ce25ef2178a4d24ac7d2f5b35f6cb188f80
  SHA512: a49ac498d170c15129ffac54d76dae0c3fd31bffc342ef0358b59aebc43103ba02a193b0849cdc0ae89dea52cb7ecf2178960fe79c0028ec5810d984680e0256
- Filesize: 7KB
  MD5: 5add90c90935146a949c76044f4bc391
  SHA1: 41c26164140a10175b251fda26041ea021b2bfb5
  SHA256: a889748918ed11907ea0f339d18d97b2bcab1c46e7cec49313d848585f31db29
  SHA512: 0240054b85b1dbbd1d8bba52e7fcfb9a9047017865804de86d349592157af42d4f7886e6312bad44fa9f030b99c40fde4f160db890c8cf1fec577bfa932b4e0c
- Filesize: 5KB
  MD5: 5edd1343fc2b7a8ef2e9c0dbfe07e6f5
  SHA1: fcc159d065296ca174dc6f10a9ff3e623e00c413
  SHA256: eda5aaa94f2607f332254f97acc801a16891bc4f72a54aee3c83e6fffc4b9404
  SHA512: 1523c24488f33e07519676f49961586ce7c88122b1a84fd91fab2f4cccb516f6301d05ca67ada155dff9476856264a25852f78ee3c2c0667e9e3ecddd972e1d1
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a98eea2e-c357-4fe7-a3c2-436e31cc56a6.tmp
  Filesize: 6KB
  MD5: d18339d2c89c15f670fe64be39f88e35
  SHA1: fb046058aa70846bcb2d18ee8e2d4373f40b3ae5
  SHA256: 25b27fe2cf568e7b99f85fce96070db4842a9b23df4efe921f7a690a802b687f
  SHA512: f2ae7c1f1f05532524d61178efb9be12699220b71ce7b34ab62d7609e84db86df3b4705ee4303f369c20b0f9a312e919bde07eee3c9021bdc85d57511b986575
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 11KB
  MD5: eee259f2c826481d7e9c4173dcbd5ff5
  SHA1: 36218a5d1ae4c3428de9aeb521137bd634e78a25
  SHA256: 7f845526d729a177ad4e1f83b7768fa08ffc369e4b9c070241c409727ca96b33
  SHA512: 0777e26bbde296d457e884e57d03e4f64e1e3907f045749e774ab299636ea67f0dc42df4f3ea191e69b0b7d1237ab226874f540f791529e1b208f58a0b4fca23
- Filesize: 12KB
  MD5: df747db7ca3a96a4a8e8e19f2592536d
  SHA1: 31979797283d23a5f0b7470ee9765bb6569c970a
  SHA256: d54195627374f5a1795ddd9983a611eba2e7387d929476a56bc37ce939b58547
  SHA512: 682b38086940b2b34265cd3dfe2a0c1b886dcc4e9907a0719a31c882ba918536f543753379052e7eff1982a921a9fef5a18b40ced2ef02d86b49bf9017b43e00
- Filesize: 12KB
  MD5: db3f851f3b8cc4b051425c0b1377ea29
  SHA1: 42d279bd688ad57b1e374dc6c39f03f3c75945f7
  SHA256: 8dcf7518d2604abeece37bfd1d0b2d2f10d98a227f569fee3178a56585760506
  SHA512: a226ace0f29ce6b1c6e1e45dcb9da19cd5918925aecbc8d12f0be9295773919496937808fcd85fdce30706d252db2fc33a26c0e9900ffc0d40c19f2d63a94a4d
- Filesize: not given
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e