f5d0f9d6f28d623d46de353e519c8092fd4ca47ae7e1f34cea4b020a4d8ce998

Analysis

max time kernel
154s
max time network
160s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 21:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

51KB
MD5

6ae74a1da6a72ec36f16f38b3b581fc2
SHA1

b7884497734b8923adfb09930241809d83dbf18b
SHA256

f5d0f9d6f28d623d46de353e519c8092fd4ca47ae7e1f34cea4b020a4d8ce998
SHA512

427c0902c12a21371881353082fc6ecd513e883260feb2fca132c7b8557c49a6540cf8ba8cf00ed873e26c9858bfe2cbc0cf6cf17d720c09df78af0904da912a
SSDEEP

768:rQHStpl9fmlYOGrWrkJbze65kX7nFei0D0HlSkkmO64myWZgXAnaOhPSt:EHStpl9fm7Gw/X7SU4myWZgXrOBSt

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
4	discord.com
11	discord.com
19	discord.com
25	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{D1798186-B89F-4CEA-8182-16CE5F989C6B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
5040	msedge.exe
5040	msedge.exe
1052	msedge.exe
1052	msedge.exe
4324	identity_helper.exe
4324	identity_helper.exe
2200	msedge.exe
2200	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
1956	msedge.exe
1956	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 2752	1052	msedge.exe	79
PID 1052 wrote to memory of 2752	1052	msedge.exe	79
PID 252 wrote to memory of 4844	252	msedge.exe	83
PID 252 wrote to memory of 4844	252	msedge.exe	83
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 2224	1052	msedge.exe	84
PID 1052 wrote to memory of 1652	1052	msedge.exe	85
PID 1052 wrote to memory of 1652	1052	msedge.exe	85
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87
PID 1052 wrote to memory of 4260	1052	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a4293cb8,0x7ff9a4293cc8,0x7ff9a4293cd8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2616 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6368 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,7007533169764102755,14080153493237921116,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a4293cb8,0x7ff9a4293cc8,0x7ff9a4293cd8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,8987603715950037081,12804461123266540862,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,8987603715950037081,12804461123266540862,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E0
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
30KB

MD5
a6b4e8315405250e3796d15d51dcc2ba

SHA1
ecc9193572956a0d1b851656c225663697a7e74d

SHA256
72dc64af40f3f9a32933eaea03ad442fad1be9f8b2311138949ffc8aa731c99b

SHA512
2f372bf4ff32f19e3f44a7292d9f93112de888f2d42e951348f974fc169dd5dc2910c5869d5b1803cfc2721461fe299bd667c1907fe954895c853f1473945121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
1.1MB

MD5
115d1f541c027bf6ff8463066c76bebe

SHA1
c7c8954fa5728e37a5826dd6bfe86b0bd9dc83d5

SHA256
72452b7030dccf63e908a6157f8409eb0f66eab6958d74de3706ee9156e084e8

SHA512
142fbf9c2538f7aecfde7c1ab7a585ce16b423b2b730084453d6f471b70c73175b23ea962dd477b4eebc6d1a623f5632c020054b17560f2af4e0db1f1ac0d275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
011bc0fb3a068d89ee4fdb14c92e50ff

SHA1
516067ee3f2c52f5055db846f2dfbb9fb56fc133

SHA256
1de1456b1eef0030f2d3cc46ea8cfd0080a33f264278b66ab520bed19f099adc

SHA512
5be3fe3e75e2d154da47396fb8e38f6cf79d3a0c5b2f33729e07439a244a164c556496ee555cd95aa2d137c04da0a824048c0be014a52daec12926c4e35f2037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ee2a0e50d274d9931416dc60b896ea4d

SHA1
0fbf72f82cc35702906bf8e000d7590e7bd1e780

SHA256
e940f376be08996b68816ef4008b6bbc594908437ba1e6cb5c3b08628639bfe1

SHA512
92faca2d153508c1a19db44fc6400c2f34daf8bcba6a275659f01b05ae242680fcd8e2f9e2dce7b70159b855963200c1f95673c538a4e4d99dfc01b3ed1194e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
728c51251f97d2d03e5ff7542d0b19e9

SHA1
1a129b56d931093d61960efc76db550e5a94c286

SHA256
a82bd6f8709404152c78fb515f448c7ba877bf85502bb3ba1be811a9d5344499

SHA512
0037132ce51cd9f1be3c6038b0d8c168116aabc68386b54b126d51c7bdda24a93d51ed311efd90e6c622c35ec25daa1b0947cb399a53beaf9047bf10acd88595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd1aa0c232fe7a0b3d7905f29fc2101c

SHA1
c7f86127a0e9c2ddb3a548264f758b3f1959684e

SHA256
1b0ccba3c4799ed888ea429edda3cbb21b1b942591b698840c32aaeba903d668

SHA512
78fdc002911f2e6dc94d0ea55f239193022a40054f7dca005ae725f67b65d8b0db67d65a51b056301272df753bbabdde99a3aba8722a8b26e232fbff8d3875f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
87d2747e180ad0e85d7a5a9ecdd6956d

SHA1
e6e30cc1833194a7a274d23dd3fbdc0b24becac2

SHA256
8e4fe4bf9f6f2aa99c0dd902cf026a17913604309ab7fcb5c776edfc63bea9b4

SHA512
3c91fedfec73ca1de4d1f1836bfcff3eb63ab0bd9bf8c5613af682601a203757376df9850345013593fe101fcf4accc7a887efdd4037b17d5fc2eed98ff9db91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e77796f6341b6cafb0cb186bf4a1a54c

SHA1
45295f6adda1648be8dbc1b1222bcf1fd3daadb0

SHA256
77291d331d967d5d1a92c1e5d37732a9df42c83f969ecd5ae6940c8d21a091ae

SHA512
4eb266fa35b67fa938f3d558f25c5797e99cf0738cef175eb8ffc9a04bfe4ffaf9ecaa259707d4a294465d482bd7c415fcac34d3583e753063da8cb0b86bc4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6a75e09ff5c6467b4992e7b3a547654

SHA1
a5bab31fbc874ae60b9e6eda2df027bba3f03d43

SHA256
fec6f3d35d8b4bc3a639cdf4c044cd5a41ab63774380112c2efe7acbb0a16f66

SHA512
4548dd1d475a04081ac64a1800c0221735fde32075b427bf0b9d051f7be6d4ddb33a2e8c8883d26cd3b590e7bff5f764e06fd5345223e6ccab6a2829a6d37dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c3385360b89237be12e0a8107cfeaa5d

SHA1
50bb24425a5751afc4500e0fb3c08d34c7440d5f

SHA256
3675d01d2e0252e20c58e60fdbd5cb9c9976f281a711ac27c437dcf4bfbeaee6

SHA512
3b448e5fb0079e04c437dee48693ae90b6158ee874e3cd90c01ae83f7a46d217f6a56f69334526a1ef12859ea88fcad1ac411b5d688a8c5e25a441fefb58f52b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
860B

MD5
fd24e9656200a3fe8e1ecdea93448f6d

SHA1
c96454cf6d52de6c085901d3b3861ed6a06cdd62

SHA256
d88f5d2f36be60bac9819d376662e8dfb3c41ab1453edd990186c8d9ff6a0496

SHA512
cd4c7bfb9d75edd0af0a2c1d4f0cead6247a06254f901902d72b4686fe55e29166b79ded75c242f9f94b0d661393b3e0394be99ddb200dd09ef63939c2796276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581112.TMP

Filesize
862B

MD5
9da737ff91c01be106172ac4cedeab12

SHA1
208f87a2da07c451cbb1194780c31ec642e01bf1

SHA256
30ca0727b8f2a50483c50e7180bfb4a07421bba24757b105c86dc471f1c16c64

SHA512
47cae0e9cc613f162917189e81f05930e9fb79672cce4b6ac1c6fd5e5f62a9989a32d4e19b7060ea7652329a8da8923ce42e635e77a966cc86dddec81ae0a07d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0fa2cc6c9f49b9f0cc1d030ce4b5528a

SHA1
2e7dc889d4a8eca32675900777e764ee5b7e4b4b

SHA256
5cb8e37294d06d4b4bc9c09cb0c967e48a28eae34d3ea2cf4b8527c2513a8caa

SHA512
3aebf798cddac6b67c8a6dd39470a265198e40ff2cbfd0e9ec6ca3b8d4cfa671ecad1d32152073ebdfaaa38a9223b81111d82f9ca6ee31bb5d41c6ad781af70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
694270e80f45b9b0ffeb7b8b77f373c0

SHA1
d86bb1d78b32a24740554892beda0b69cf0157f1

SHA256
43cad5f893fd77581f97601fa2c717a7d6fa02103dd297ecc4b941fc5186438c

SHA512
10ca7cda21cd39c80c2c0f1c156a061767ea35498af4c12321b6b9fb6c829f5bf4e2bf26b9d226f75d08069625d81dfd4ce495bbcc8143ee03fab25338cc1829

Download Submit