Overview

overview

10

Static

static

10

2112-122-0...ry.exe

windows7-x64

1

2112-122-0...ry.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 02:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2112-122-0x0000000000440000-0x0000000000470000-memory.exe

  • Size

    192KB

  • MD5

    66556efafe39e23ad9f3dabaccae60be

  • SHA1

    088dbcf5b1932121408e77198d091a60d558aa1a

  • SHA256

    3c66d83f7ce743617524e19f454e1b118f3a5a4a1cd9315a5da70318664e088a

  • SHA512

    5c0511b42a67552be6f6d916b2c0a7eb188bcaeb6b1598ce168dfa92221c66ff05b57a627504adcd24508c4fd198a696665b2bcec44b233628a60e7366893907

  • SSDEEP

    3072:bO64zyFlJDGx0HqSYxNXUfMim4G3D8e8hE:7f1s0HZ8em4G3D

Score
5/10
microsoftphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2112-122-0x0000000000440000-0x0000000000470000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2112-122-0x0000000000440000-0x0000000000470000-memory.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4164
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2112-122-0x0000000000440000-0x0000000000470000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3896
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd4f9046f8,0x7ffd4f904708,0x7ffd4f904718
        3⤵
          PID:3976
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
          3⤵
            PID:4820
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1000
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
            3⤵
              PID:2900
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
              3⤵
                PID:1176
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
                3⤵
                  PID:4628
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
                  3⤵
                    PID:628
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
                    3⤵
                      PID:2904
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
                      3⤵
                        PID:3512
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
                        3⤵
                          PID:4812
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3740
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
                          3⤵
                            PID:2712
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
                            3⤵
                              PID:1416
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                              3⤵
                                PID:5312
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
                                3⤵
                                  PID:5368
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,6987785527139590234,9014454683177306539,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:2
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1716
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2112-122-0x0000000000440000-0x0000000000470000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                                2⤵
                                  PID:5204
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4f9046f8,0x7ffd4f904708,0x7ffd4f904718
                                    3⤵
                                      PID:5248
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1640
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4388

                                    Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            7c6136bc98a5aedca2ea3004e9fbe67d

                                            SHA1

                                            74318d997f4c9c351eef86d040bc9b085ce1ad4f

                                            SHA256

                                            50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

                                            SHA512

                                            2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            5c6aef82e50d05ffc0cf52a6c6d69c91

                                            SHA1

                                            c203efe5b45b0630fee7bd364fe7d63b769e2351

                                            SHA256

                                            d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

                                            SHA512

                                            77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            264B

                                            MD5

                                            7677f6f0ec1a151ada48257b173c1467

                                            SHA1

                                            87eaac1e6265ace348235ef6a37ca1c4b0a88824

                                            SHA256

                                            48791de17e64155ea950c7ced29d26cbd209e8e1468c325fb979fec3f32f22b6

                                            SHA512

                                            417a55915f97c820b1860611f3fe04f795f96d9ccd14a0467d4e4c74610a3ee52c61fa9d8fda220a359e130becf5f2861311e10cd5bc15822cd5c8edb2098801

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            111B

                                            MD5

                                            285252a2f6327d41eab203dc2f402c67

                                            SHA1

                                            acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                            SHA256

                                            5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                            SHA512

                                            11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            437B

                                            MD5

                                            05592d6b429a6209d372dba7629ce97c

                                            SHA1

                                            b4d45e956e3ec9651d4e1e045b887c7ccbdde326

                                            SHA256

                                            3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

                                            SHA512

                                            caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            2ade323e47091fb31c034d12d7e2a084

                                            SHA1

                                            cf4817c2c88986fe8205277d4c5d82551bcf7c73

                                            SHA256

                                            c30f85025c68d1cdad4b270007eec08d9e28752dd6d08c3044c433af98630a2d

                                            SHA512

                                            6996d39f18552ac6d7eb84713ddc71782aeccf465b7f9bececd166662888c40554b5913347afab480513e2f789f89d3ae92142087f35853e0ec734646fda5fc5

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            66f071254964f108cda52bd9186820e8

                                            SHA1

                                            9b4e90fcc76e5e93f4c33a0900f4170f7b27fa3f

                                            SHA256

                                            382cf53cf6d901dd0f95cce82799018086a5c424fd4d58d6116ff9b860d789d1

                                            SHA512

                                            b4fd4a88a8b4a31246425b3dc801f2b1f591d5a49a92661d5f0a4d1397654a4d1cfe55e42b1f1a6012d42b139e445cac4385e0b1da2ef6137f5d261d4fa62093

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                            Filesize

                                            371B

                                            MD5

                                            640ee23e5c9d1b61e0040270e59b91f6

                                            SHA1

                                            558f3909553ac01af78a68f0636249ca5ce0311f

                                            SHA256

                                            e10177981cb0615f6f7d78a3783b174bf7f7089b5939bd642ec30f57a5945d69

                                            SHA512

                                            5fa73d34f2bf8bcf8c398a3ff138f298242f6ea4d35e9d9664b3242e22bec80ec5c5581c50aa5fbe160d68b75cbfd2732940d2faec636c5e35cc3c6d49427279

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583cd5.TMP
                                            Filesize

                                            371B

                                            MD5

                                            ca118d9951ebb7eb05e14c05fe0321b3

                                            SHA1

                                            0cf67edcc00799839c6f3e31837c0b68293c1b07

                                            SHA256

                                            4bdb5dbbbae2162829d3bd00a53f2a96d2720683a224d86c88aaf61ebf204f99

                                            SHA512

                                            32e07aadae377cdd6c199d1511aebe6edfaf3f57528ea8ccd939489ec819cb2b534d8a8eda38c67f6e9793ba9571d6d1a606ea4c6e03af531e583a68d566454e

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            6752a1d65b201c13b62ea44016eb221f

                                            SHA1

                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                            SHA256

                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                            SHA512

                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e12507b6-5698-4fa4-8c97-e2b3d5695412.tmp
                                            Filesize

                                            6KB

                                            MD5

                                            34e79672bfbde925f5eb0eff70ae6e02

                                            SHA1

                                            b9114f5b59363a09f1e23c4b13574929ed5d517d

                                            SHA256

                                            2bed3087d50bbd88a03bcc8de51a573da42c832a4200bca26d9d2ca6e3bf2431

                                            SHA512

                                            27e200a154531da0f438d016c17804f8b762d50aa2140f2fff7cbf32b07dc9111edc7cde3331e63c486f32a9b85a7405be45b23bb217b80bd4301bdee326b62b

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            11KB

                                            MD5

                                            b61217727997b233178181508d0a36c0

                                            SHA1

                                            4374b6c7555387b21cbf46285059490fb2a22a91

                                            SHA256

                                            e976e4860ca9af5833fb953ba52bf99b407bcfe868a13a9a3f41a69aa298e215

                                            SHA512

                                            a99e58ae6ddd919d2349d109b047900965765e36daa720b0ed90ba88d458cf842ba572ee3c96e5dfb46f2dd4922cc24bdd8cbc1a3ab5044d917d1f355638d676

                                            Download Submit