Analysis
-
max time kernel
156s -
max time network
189s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
03-03-2024 02:28
General
-
Target
XLetters.dll
-
Size
48KB
-
MD5
52d5cb0e123dc9080741bb05b8637703
-
SHA1
bc4ee154a3476f325f89c5212d7e5199e6bc691a
-
SHA256
7dd7db99a76d644d98580fda11566edcead3edea2a72e1800b5e7afa5da3d437
-
SHA512
a2462f96d4c8afdd6ea6b1ceb370ce610f3a917f0319ee4a088cc67b640c0c98c81560ec2607bfa2af4d823734db31b6024d4ae654d1bf526c1d1b0ddcadcc16
-
SSDEEP
768:deXjzl86AWIyvejyMjkYrB0e7Z1I6eqgFbZwIBjQSKrMc:MTzl86AWZvjMjbrBrTkFViS0
Malware Config
Extracted
discordrat
-
discord_token
MTE5MzM5NjMyNzQzNDk0NDUzMg.GQtyFE.630ymbBowAmccfehQ9LqT14nEeJOjZV4R1iwvU
-
server_id
1193395247854653511
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 62 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\XLetters.dll,#11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd380046f8,0x7ffd38004708,0x7ffd380047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7132 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5928 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6444 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,9973307016074908409,7631322717009245013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\Downloads\Nova Patcher V2.exe"C:\Users\Admin\Downloads\Nova Patcher V2.exe"2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd380046f8,0x7ffd38004708,0x7ffd380047182⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4a4 0x5041⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\notepad.exe"C:\Windows\system32\notepad.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD547b2c6613360b818825d076d14c051f7
SHA17df7304568313a06540f490bf3305cb89bc03e5c
SHA25647a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac
SHA51208d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac
-
Filesize
152B
MD5e0811105475d528ab174dfdb69f935f3
SHA1dd9689f0f70a07b4e6fb29607e42d2d5faf1f516
SHA256c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c
SHA5128374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852
-
Filesize
30KB
MD56fb26b39d8dcf2f09ef8aebb8a5ffe23
SHA1578cac24c947a6d24bc05a6aa305756dd70e9ac3
SHA256774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059
SHA512c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd
-
Filesize
92KB
MD533804254f416b3350650c34d33c40e5a
SHA183798bf1608e740f862d3b5eaca3750193797f6f
SHA2566f6f273e8dd880931094a4a5edb6c78e568ecb530f6fc382109527ae182e4b82
SHA512560cb83d3ac95c81d2947bfca11306872d9bd83066f987a9f64737f296483023a9b6eebfad9aec87943f7774df50a42e93ace7e271c293f5bd74e99688e82316
-
Filesize
2KB
MD57d320f03a19c71d8f0d547c7ff7fc625
SHA19af5313a487ade48d2318148fcdfde86c41c15ce
SHA25685b7f498fae4e387f051ee0450d03b821598fd5e257d42df6566a1726c16a872
SHA512b1d6a25d3cab897bc7a43e618c8f160e86c8b74e4edebefee0ec98f3fa53049550cd999d181c39e2b4746243da3d711f693b29f385d7851b8cc730f2e3cfaab3
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
13KB
MD5224e5fd5f4e1bb3025844d7fbf661f35
SHA1c88f83e399588469f63aedf0fc2d5d3e4516e555
SHA256d990d23389cff547ea7ccb83cc979145efb67e66173898efe106840f4779a31a
SHA512bde07d04cfdb260e84db356a9cea2d77ddffec49ba63bcd8fc2eae46f336c92732a121f5695c16c48ad6373b3a15d84f65f819ffc569937156f05ee34bad486f
-
Filesize
6KB
MD54b0ccefae131993d44d0a76b236462e6
SHA142bec873b33dffd52b43e5ba71d4628b24d2d288
SHA256398296c78b3b8009cceb58c9d74f027cb914c36dd3893193119592c26fda32fa
SHA51204f29704556d85bda4b9c726c21a1368d34d89439b38b9deb74db2acb59e28eadca43b932c31a60de6ba47bc5f048fddbe5225616d6aa047e3ff70225f0514ea
-
Filesize
19KB
MD5ebc7cd778b89e1d1a1f14053ed5e8361
SHA12124c7f55277d2ec5986fe3a9af4cc2c7f7fa834
SHA256596f8e015a0ba64b76e025f0fce58dd495d7538afec12653bba9e08bcd3e4a9e
SHA512eb68181777a4d22f3ea660b2c9f37bbff7c46568eb720e9792b88d79c8db6afe9f34c64e1694bf33348243cef91b860bf5b091a2d03730f48411fdff58aa85ae
-
Filesize
6KB
MD53f69ae61b5dcf8a7ef50c26d18d86897
SHA18cb37c474bfcfc32587130997f401409bcdfdbea
SHA2562edfa86ca1e0f8ffe5fe5b577e5424861fe8596e1fbd366dc75f82fd0c07897b
SHA51224bfa74088a425f79f782d3a620d6d06d624b04783a6c645592c1f0564df75bb46f9ac00bc5d93e38745df52c32842232c9c262b2fa76f70293f264fbec5caed
-
Filesize
13KB
MD58b46f1d19e38b43940a26c7789b34a7d
SHA1c319cd6dc3f9b72f8058b3f50ac520e886cf2315
SHA25629c37698a81668b104e4c3cd74905a55298cf981a15f5e6bc6608935fb6080e3
SHA5122161f2237b55e9bf07dfcb85b8093df3b5d2239f19079fbe777360be3e6bc90c80d75e1d5a0a13060554d1009b02f1e21651adf3962e784e97c175e618cb9a36
-
Filesize
18KB
MD520e572df25ef81299b0bbc234403a461
SHA1dd1d5ca212dc07dd1b268ca5a38dff417badf247
SHA2568747980fc0d92d95adc6989a620a568a8efa604bb5e1b0172480908ee702bdc7
SHA512fd5175c10dae04df0192436bc066575063af4399bcbb15fe9c31c906f1ea6e15e9e698845b5a92b140ccca11a47e1827a7efbcc9ae1f8e77b5f3eec3a30f946a
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
72B
MD562e91f4c5da7ab77af934159edf67e79
SHA1f6a5667985c6295d83d5196382941eb7f0f4238b
SHA2569459352f136a7cd47b2c0d4d4843153779bc5062c511a083efec3352e93c1ec3
SHA5121bdd9d3616c427b3fac3b36130f3a7cf749cfbf74c2834381a268904519a5a4a52c5bab25232bec0017553f7dbaac417e8cb8b86eb5bd9b21343f7cc1e107c0e
-
Filesize
48B
MD517676bc421a40056242b6ae7db394d3b
SHA1a2afd3ed25cc4a4cadd19ccd5feac7ee09a23041
SHA2569b82d8ac1214d4aa78f16e31c6de214f2beb3421c67372de8a20f4ab1dc4e02c
SHA5127ddfcce395b0ffa2a3e571489a6455650a320ca2c2554ef7c2b09ecf54477824fc57510b930bd14466183b1f3cfb8c86b830b1ac79c0958443759f40c6c87ecf
-
Filesize
4KB
MD550170fcb3bbc11123db30dfb3c3dd0fd
SHA12e3a4742ea9743b96e1408ca78306e786f60a91a
SHA2565380ffb02fe5e119652d857bdd3229cba70feda933edab13de80d18311da1d3e
SHA512405764578121a6d31b06f63098e3553bfd68b503fd230cefb41338d1a29671f1aa1c79a613ec0fbd6b30f4ae63518ee4c406f8294f63a5100cba21a86744d62a
-
Filesize
6KB
MD58cbe2ae43f47c3acc72355a394886076
SHA105cea64c90114541104478a210172998df1cac9f
SHA256fb8ab2ea4327cd1d974ba4f0da73b1cbca0e2624b43bee6498ff7ee87f84b5a5
SHA512d6bbb6bfbc94f2f627a0fdf3856317e320a1fc38da370f8ac8b7aa305bef7df0983bda4f3c998a66d47c4824f807477f3385c18649aface92879425b363b4f92
-
Filesize
6KB
MD51712f0d95dfab3bb9d01989046515c0a
SHA1b9bf75f3af38f2cdadf1187ac2e65eee18011624
SHA25673b88e56d0b81c00d627dd950392e7621f01c78df3093f0ab9d76bb9e5e3bf43
SHA51252a48d031cc0255fb51bac14ddacd58fa88fb0645af760b51a072287244e3c277cf706877dfd12c5abd78f5a1918de3f5f51c43b0e5e53879accbfa9a96ad598
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5becba0b77dc825a0ffd54bac9dc90385
SHA1ec302cfdd368e19b7d3a69f39de0b606142c4c5f
SHA256f15cf9dee4d854c2a484df7c4811b827639a071ee2952d193b3329de1219ea25
SHA512af3831319c6b5a8e2fef69c75b0547c3f38ac4383f2e65407f031991e6d1c1952f2dc6892520b103d9d3cd0723fbd9c13db5372d79ea0f073f4493e66b25c16c
-
Filesize
12KB
MD5ab8e46b8a0a6f2f7b985be3ae239c096
SHA1a9ee73091d565bd5aa75ed6f0e50d6cde30448c1
SHA25612c522d8c308747502e31cd585cc4880fa53a6966b61c0599ed529141d7aff3d
SHA5125886aec2f37bb9c04dbf0e384240b4e162af661094a5bf0886713803b667e990ba5259109829fe6f62f13e27e774968102d43d54487737382a41fd0c2f909525
-
Filesize
78KB
MD5ef61bc4d93013d6072d6b6b4b2231f58
SHA1a604af75290366150af26cb64bd9bedc01ab7b78
SHA2563ce93b5813e1b8534a70b227f7e8503e10c3480607032c9744354faa2ac4a070
SHA5124cb794bac0eba98e54affbb7c1620113409b3065c515e7565e31848ad2a446010f7216459e7f0f101013e46847a309f56967866ba7b20a85650e51572c3ebc6a
-
Filesize
96KB
-
Filesize
5.2MB
-
Filesize
64KB
-
Filesize
10.8MB
-
Filesize
1.8MB
-
Filesize
56KB
-
Filesize
10.8MB
-
Filesize
64KB