Resubmissions
23-03-2024 18:19
240323-wyn91adb3x 623-03-2024 18:19
240323-wykltadb3w 623-03-2024 17:59
240323-wk6l5aad29 1021-03-2024 16:48
240321-vblpxscd46 621-03-2024 16:48
240321-va5reacd34 621-03-2024 16:46
240321-vaej8acc93 621-03-2024 16:40
240321-t6rzrahd3z 621-03-2024 16:40
240321-t6lsqsfg27 618-03-2024 18:43
240318-xc4y1afd69 618-03-2024 18:40
240318-xbjlnsga8t 6Analysis
-
max time kernel
1169s -
max time network
1174s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
18-03-2024 18:40
General
-
Target
https://discord.com/channels/@me
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 40 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/channels/@me1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983cb46f8,0x7ff983cb4708,0x7ff983cb47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5076 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5940 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4176 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7408 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16510044195423451558,13265674806081191413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3540 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Start Survey.zip\UnityCrashHandler64.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Start Survey.zip\UnityCrashHandler64.exe"1⤵
-
C:\Users\Admin\Downloads\Start Survey\UnityCrashHandler32.exe"C:\Users\Admin\Downloads\Start Survey\UnityCrashHandler32.exe"1⤵
-
C:\Users\Admin\Downloads\Start Survey\UnityCrashHandler64.exe"C:\Users\Admin\Downloads\Start Survey\UnityCrashHandler64.exe"1⤵
-
C:\Users\Admin\Downloads\Start Survey\Start Survey.exe"C:\Users\Admin\Downloads\Start Survey\Start Survey.exe"1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Start Survey\UnityCrashHandler64.exe"C:\Users\Admin\Downloads\Start Survey\UnityCrashHandler64.exe" --attach 1728 21715684597762⤵
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f8 0x5041⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1B
MD5c81e728d9d4c2f636f067f89cc14862c
SHA1da4b9237bacccdf19c0760cab7aec4a8359010b0
SHA256d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
SHA51240b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114
-
Filesize
364B
MD5f501149a7cf45257d8b6e223e008bcad
SHA1677c20c9c5fdbabaaedb38d92ba5b1e8fbdd6d12
SHA2563afb42e2f7b7f0091c6a8d38e61e2ac85f5823f161d755dbb13c4189a796fc9c
SHA51281cd1b3319f8505567928be88f434954af3379c091b8c6beb5595abaaaf8765461bcc9b4c2ab13678ef36c4083fb35b10aba6dbcb6d8679776dee10e50ed8658
-
Filesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
Filesize
16KB
MD5cbaf24de7f7b37983e5693d650616ea3
SHA15a7dbf85c1472ea6c1297b1c72c569494cdfcedd
SHA256972973d79c4e67809066d78383c21e13941648b1fdfb480ced17eead876a615a
SHA512f2174b4852da14e0b823ba7e975005e74edc5c87d93ed2dd7b3b7bec697e1e66dd33456b508819dc1551d1df051337e23da2ddeddb260f782d307be0a405aab7
-
Filesize
152B
MD5fd7944a4ff1be37517983ffaf5700b11
SHA1c4287796d78e00969af85b7e16a2d04230961240
SHA256b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74
SHA51228c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b
-
Filesize
152B
MD5a774512b00820b61a51258335097b2c9
SHA138c28d1ea3907a1af6c0443255ab610dd9285095
SHA25601946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4
SHA512ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1
-
Filesize
87KB
MD5bb952ac2a041937b5f73f2fb12209562
SHA11469b8940600d2783f62e06efb0a143710ab3be1
SHA2567e37bbe9c452e1ac2891aec56380a52a5e3f325350811dc7f316c4eb7f0d4ecb
SHA5128ed8cc3da43538aef5a2ad103bff082541473bd553930a7213be951253fa3a97b965de29a0d952e7d0fdd87e938ecec80a25ac8b4b5f33b473bc5aec7109e6a2
-
Filesize
4KB
MD584724fd83242dd7f73c7a2500881caf9
SHA192739d8a77d3ab12348e77c0e4593e9946d83cb0
SHA2563e571e69703e276755488fe8b22548bd8d70593b1497e632a30def2a2eb468c6
SHA5127344f3bbb4f4855e7513c852c9c1d5ad12d138f474b8acc0c83cfcb01abae3895f1d0688735100d4fdc86717341a580ed001299bcfb59a29e789d1c743dc9685
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
3KB
MD5c54aae7daf43a156d15ed05cb3aa6d4f
SHA1b3cd522bc3951ce0af79065c755d0e03146a5d61
SHA256bed5bab1b9e0fd0ea42b1e309c524c1aec09ad5435740f5834b05c806d622f70
SHA51231a5c99d2fd1d572ff4460acb8b76f6d97c82602fa3e261d8b768adc0babc0f3f11a494e6db5802d83e668aa5b7ad7e785a7257c672e66f930b63787976710ca
-
Filesize
4KB
MD5ebf2432b8517920038169e5e85e143ea
SHA1d8f7fc2770ff7ba8894aea3c1c6583c2bf56dcfb
SHA256214e83a94492e1d888a430424397cac64cf90a3f6c25744e6d990a426512cf75
SHA5121206d00d148008b57abafc157ceb901a47c538a7de27647c18b21dfd60eb3c503abd1439ae4a8cc3389256c8320f1ad4c6ba9a722430c169f083fe4c26cd4faf
-
Filesize
6KB
MD5e78df3816e8d1c58a973cc0efcef0997
SHA1a6d3b68cbe57e1771f813398fabff4292b4cf10a
SHA2563612a1d111877854e2aafe1cfa79c82063cddc2c8f2e56709bf6fe3328e0ba33
SHA512b3858c65dd4aae1b860a8005bbd1bd10fe5c1541a393b3905e3f53e3293ec9d25d5fd822ae3ec751f8cb3c386729c79b899d3f633b2860300a2f8076bc8a8f02
-
Filesize
6KB
MD5a005c3aa136b303b72d63ff2e68950e2
SHA173a3f6e692a9d751a331353ab225145f8e062c0c
SHA2566b45b697a438fc8709b2330a90d9babd8af963e1bdc2bcd4c7b0719c8ceb77c2
SHA5121fa48efd886e22ada488970a5209015e21047c9cebda182191839a4474945ad9bf597cc439d55ec403aed3142c265d1f3542d3bdc86f13b22e571659171b1806
-
Filesize
7KB
MD5c48c7aa2741e5901743c645dcc53d60b
SHA1eb121b42651349f0c6dc7de58826cb5659ab368a
SHA25689032a474b8593c1d21163382ce5623243d06fe5365b835dfcbb17cf45930d80
SHA5121fc513216afa85d3d18023fca7ea7031b9a653ec3b96a3aa50eb8db4740f90db74728dd1a85f4068d2bf2031c900a0df79cc86fed8117e3dcf248974cfee2ecd
-
Filesize
7KB
MD5ec390f6ba59c11d9d421101813c24535
SHA14db7937c27630be43e9ee51ed75bacd9445732d5
SHA256512f462b8c131946a94659def2aeb1fc42022c6bb1a338a0db10bc36356703fc
SHA51289fbc1210823e12bbe4d0918ccf407a9e2197fb4c838f0212b0c4e2940d62dca754dd39ee1fb7be7ab514873ab3f3cee8d47b2ee806c4266ce5be8b399a824ea
-
Filesize
8KB
MD50bfc5cdf5ec4fa9facf56fab4d74d1f2
SHA1e1a46dbe9fd125a01b43696ede3ec48f86ee80cf
SHA25682a5a20c14eaaa7a91f30efd61262cc770beec506f1664fcdd00467f80afd162
SHA512982dbe15359d6923b28c83f3faca78caab9e54f666fbea3b4f762a39c79f7122e81bc75afc4ec5e722f431c4789ac6a0887815ac8e71dba55f5a5a3332b6657d
-
Filesize
8KB
MD5368942dc99605f33a49b066bbe203c35
SHA12531726424b540d1ca2f6602ffbccd48a8c6ba0a
SHA256920e78edc5431c2bc8573542a21977c4aae2c10f51714cbba7e01336a8eab491
SHA512925ebfd3d37aeabb35f8540ea24543e1d2ff6eea7abbdeb2980834a832519b932556965516a717e598bb5cb5fcb467b655eed8da4eff8aa26d2c3600b7c2711d
-
Filesize
8KB
MD5d051689868aae5864b696e7d9799aea9
SHA199cfc2a0a60dfe4fff78a13d28ca1898d59fa698
SHA25635a7889b3a2d5be100b61ee92f5a9cf17973e8b69ef909283949ac801e6ecd2a
SHA51259b48a853914b70167f79527e8fd33d38aa47e4fcbe542da1f42945315d245362251eca52ae47c5ce44a723a166a23cf6d49613de4a6c30371d60679969667fa
-
Filesize
1KB
MD5592e97a314e88007994cd6c5eac81ca8
SHA1273e715ae82a46a2bd3257250dabd278bfc4954a
SHA256042bb50167b71222e4a43cc7d2b23609b660e71ed2c3f4a794a8cc183ce2a102
SHA512d99f20b3fba7b3594fe94221e74da92be67d7a820c2109fe18fc73795cc52db46df6fc49db00141fd2597da0be442e99f12d91da8348ad9dd617e15eeb21d16c
-
Filesize
1KB
MD58396d2b3f570bbd4b45fe46f4b7cddc7
SHA1a1af5895bda0158bdcaffedf040a09a97404ee49
SHA2568f0f4723284f2b612a99cda292353decd785792bd5b736141da9c687ce15c44d
SHA5129001ac223281dcc368a7cceda402e79fc4645a2eafb0d5f567d7f7940825c988a0e5e2849a6c8b42b434671553a2c697adbc4f5855fc31cb66b232dfb71371ed
-
Filesize
1KB
MD51b0919391c9c87a887bcb619d8773143
SHA19cfa4d1a004bc66a27d57b9d2c47a94089f624ff
SHA2562b4776279c9063c6dba62823945370f575919f7bca4ab47ae279cf8b70327c27
SHA5123a3797e59a59911affbe3ee94ab4e67fe6fb30523e16736946c85c089537ddd2c41a7569bf3f8412f9736cedddbcefb986d006f2438ef85c006e5e8f0f1c11bd
-
Filesize
1KB
MD5a4698c41e1f359ef9c6859ba4f7e35a8
SHA1d65b7f06e00f533ae344720e988dd1c6a7752d9a
SHA2567c30d3d82c648e7a824473f703990c14d3d393a8481ff3bca48b3fd6349669d6
SHA5123ccf6a42310a964df6abd3d026abf2847fc3e65ee13137bd09fe71f8c41b6341734724fbcfa23de48331484a575e6bc7ffb84a2534057ad6f65d27918a0b0a86
-
Filesize
203B
MD5566aebabf3808b8780bc6608b42d82eb
SHA1b4fca380b933969911c610f55288aa2ec1e2eb41
SHA256c81c34192df6a74f89d0567e453a888fe42f563f08d54febda5203d2a7b989ac
SHA5126de420b7c854b09e98c08c1f96531d0e27cc8e74230c2afb08d280bcb06f3b3e2ff1ddca0f5d043c5cc3f8fa62fd5c902fb7fca64bee7b938c6628e7ae87f16f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5c953ea027d318d17d4b5d3b52b958a5b
SHA1451c3480eaeb813a3f02b5f48155879a31766c8d
SHA2563dd6aba0e1248c4b870a2947e05afa7d7ab3b0d7a3e7fbeacd1586246d5497c5
SHA512c465ac8d468a6e5e55744d25346a1ac04f78c862a553c9ea3dad818412e628da178fb8b3d2e5a6aa7c90c28a3064ed83cc73ed5ddf116c5f9614eb8f53d58243
-
Filesize
11KB
MD534c5bf553d2ecb2efa790f0a7695a8e2
SHA1e178248da6f00457dfdc16e62dbe16cabdecbfb0
SHA25611ec4a7bb3f4f6667d839cc6100bf58dd748de9e4f60829735aef239b6691d71
SHA512bf6a9e37f511009678ba3bee3e120eefccffa276a7068e1c6d0b5e669f1a127e6fa065315cbc6b3b6c768bb343f3639f1c6737f903470f8cb8f0097d58618958
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
6.7MB
MD54ed5504a2f0a4f055d810acafd7a64ec
SHA176921c7058eaa7b4b53009c79dbed0e7d15babd0
SHA256926827d9852bfbfb7bfd17e148fda5afb552f6c6c5ddea3f6b149cbf4d72b41e
SHA51236f8af3a1b46b43a0d32b0a84d4dc270c78b9018fc20790b007ea6bb7aa1d9c31670779cf50d7f7e0ca6f9fd6b9410b2ae3af0a1042f2f138a53dfff30022c2c
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
128KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
128KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
128KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
128KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
4KB