Overview

Score | Target                | Platform
7     | Static                | -
3     | Terraria_R...2_.exe   | windows10-1703-x64
3     | Redist/dot...up.exe   | windows10-1703-x64
7     | Redist/dxwebsetup.exe | windows10-1703-x64
7     | Redist/vcr...86.exe   | windows10-1703-x64
7     | Redist/xna...st.msi   | windows10-1703-x64
6     | Terraria.exe          | windows10-1703-x64
3     | TerrariaServer.exe    | windows10-1703-x64
3     | small-games.info.url  | windows10-1703-x64
7     | start-server.bat      | windows10-1703-x64
3     | steam_api.dll         | windows10-1703-x64
1     | uninstall.exe         | windows10-1703-x64
7     | $PLUGINSDI...LL.dll   | windows10-1703-x64
Analysis (score 3)

max time kernel: 149s
max time network: 143s
platform: windows10-1703_x64
resource: win10-20240221-en
resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted: 04/04/2024, 13:32
Static task: static1

Behavioral task | Sample                           | Resource
behavioral1     | Terraria_Rus_v1.1.2_.exe         | win10-20240221-en
behavioral2     | Redist/dotNetFx40_Full_setup.exe | win10-20240319-en
behavioral3     | Redist/dxwebsetup.exe            | win10-20240221-en
behavioral4     | Redist/vcredist_x86.exe          | win10-20240221-en
behavioral5     | Redist/xnafx40_redist.msi        | win10-20240221-en
behavioral6     | Terraria.exe                     | win10-20240221-en
behavioral7     | TerrariaServer.exe               | win10-20240214-en
behavioral8     | small-games.info.url             | win10-20240221-en
behavioral9     | start-server.bat                 | win10-20240221-en
behavioral10    | steam_api.dll                    | win10-20240221-en
behavioral11    | uninstall.exe                    | win10-20240221-en
behavioral12    | $PLUGINSDIR/LangDLL.dll          | win10-20240221-en
General

Target: small-games.info.url
Size: 50B
MD5: 705d7159a663cea1b3db58bdedc96f77
SHA1: 04a1d8bc075829ae8f05a8def19a95352855808b
SHA256: 64030dfb4f3b9face0252a464d3c96e1e757cde2bd28604d134a1b8c2efaafaf
SHA512: 682d38c4296c47ca28e4f9b672313b94f81e0995e8a34bfed3f2e9c53b45b76dc127c4b10af72e973fa2d8a3a84754df8a7951314df88b1595a54f5767dc8b30
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.

description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-1990815831-2007029909-3877453929-1000\Control Panel\International\Geo\Nation | rundll32.exe
Drops file in Windows directory (4 IoCs)

description | ioc | Process
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdge.exe
File opened for modification | C:\Windows\Debug\ESE.TXT | MicrosoftEdge.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | MicrosoftEdgeCP.exe
Modifies Internet Explorer settings (2 IoCs)

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1990815831-2007029909-3877453929-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Key created | \REGISTRY\USER\S-1-5-21-1990815831-2007029909-3877453929-1000\Software\Microsoft\Internet Explorer\Main | MicrosoftEdgeCP.exe
Modifies registry class (64 IoCs)

In the ioc column below, <EdgeStorage> stands for the common key prefix \REGISTRY\USER\S-1-5-21-1990815831-2007029909-3877453929-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe

description | ioc | Process
Set value (int) | <EdgeStorage>\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\Total\ = "494" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\small-games.info\Total = "116" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | MicrosoftEdgeCP.exe
Key created | <EdgeStorage>\Software\Microsoft\SystemCertificates\Root\CRLs | MicrosoftEdge.exe
Key created | <EdgeStorage>\Software\Microsoft\SystemCertificates\trust | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\vk.com\ = "340" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\small-games.info\NumberOfSub = "1" | MicrosoftEdgeCP.exe
Key created | <EdgeStorage>\Children\001\Internet Explorer\EdpDomStorage\Total | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\small-games.info\Total = "39" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\Total\ = "842" | MicrosoftEdgeCP.exe
Key created | <EdgeStorage>\MicrosoftEdge\DataStore | MicrosoftEdge.exe
Set value (str) | <EdgeStorage>\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | MicrosoftEdgeCP.exe
Set value (data) | <EdgeStorage>\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4 | MicrosoftEdge.exe
Key created | <EdgeStorage>\Children\004\Internet Explorer | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "419019173" | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" | MicrosoftEdgeCP.exe
Key created | <EdgeStorage>\Children\001\Internet Explorer\EdpDomStorage | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\small-games.info\NumberOfSub = "0" | MicrosoftEdgeCP.exe
Set value (data) | <EdgeStorage>\MicrosoftEdge\DataStore\LastCleanup = 90e5a3b39486da01 | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\Children\004\CIStatus\CIPolicyState = "0" | MicrosoftEdgeCP.exe
Set value (data) | <EdgeStorage>\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | MicrosoftEdge.exe
Key created | <EdgeStorage>\Software\Microsoft\SystemCertificates\Disallowed | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\small-games.info\ = "39" | MicrosoftEdgeCP.exe
Key created | <EdgeStorage>\Children\001\Internet Explorer\DomStorageState | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | MicrosoftEdge.exe
Set value (data) | <EdgeStorage>\MicrosoftEdge\FlipAhead\Meta\generator$blogger | MicrosoftEdge.exe
Key created | <EdgeStorage>\Children\004\Internet Explorer\Main | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\MicrosoftEdge\GPU\VersionLow = "0" | MicrosoftEdge.exe
Key created | <EdgeStorage>\Children\001\ACGStatus | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\EdpDomStorage\small-games.info\Total = "0" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\vk.com\Total = "0" | MicrosoftEdgeCP.exe
Set value (data) | <EdgeStorage>\Children\121\CIStatus\SignaturePolicy = 06000000 | MicrosoftEdgeCP.exe
Key created | <EdgeStorage>\Children\121\ACGStatus | MicrosoftEdgeCP.exe
Key created | <EdgeStorage>\MicrosoftEdge\BrowserEmulation | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | MicrosoftEdgeCP.exe
Key created | <EdgeStorage>\MicrosoftEdge\DomainSuggestion\FileNames\ | MicrosoftEdge.exe
Set value (str) | <EdgeStorage>\Children\121\Internet Settings\Cache\Content\CachePrefix | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\small-games.info\Total = "87" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\Total\ = "102" | MicrosoftEdgeCP.exe
Set value (data) | <EdgeStorage>\Children\004\CIStatus\SignaturePolicy = 06000000 | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" | MicrosoftEdge.exe
Key created | <EdgeStorage>\Children\121\Internet Settings\Cache\Cookies | MicrosoftEdgeCP.exe
Key created | <EdgeStorage>\MicrosoftEdge\HistoryJournalCertificate\CTLs | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | MicrosoftEdgeCP.exe
Set value (data) | <EdgeStorage>\CIStatus\CIStatusTimestamp = 82183fc79486da01 | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\vk.com\Total = "152" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\small-games.info\Total = "147" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\MicrosoftEdge\GPU\Revision = "0" | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" | MicrosoftEdge.exe
Key created | <EdgeStorage>\MicrosoftEdge\HistoryJournalCertificate\Certificates | MicrosoftEdge.exe
Set value (int) | <EdgeStorage>\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | MicrosoftEdge.exe
Key created | <EdgeStorage>\Children\004\Internet Settings\Cache\Cookies | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\small-games.info\Total = "0" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\EdpDomStorage\vk.com\NumberOfSubdomains = "0" | MicrosoftEdgeCP.exe
Set value (int) | <EdgeStorage>\Children\001\Internet Explorer\DOMStorage\Total\ = "190" | MicrosoftEdgeCP.exe
Set value (data) | <EdgeStorage>\CIStatus\CIStatusTimestamp = c91830c29486da01 | MicrosoftEdge.exe
Set value (str) | <EdgeStorage>\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" | MicrosoftEdge.exe
Key created | <EdgeStorage>\MicrosoftEdge\ExtensionsStore | MicrosoftEdge.exe
Set value (data) | <EdgeStorage>\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | MicrosoftEdge.exe
Suspicious behavior: MapViewOfSection (4 IoCs)

pid | Process
648 | MicrosoftEdgeCP.exe
648 | MicrosoftEdgeCP.exe
648 | MicrosoftEdgeCP.exe
648 | MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken (4 IoCs)

description | pid | Process
Token: SeDebugPrivilege | 2588 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 2588 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 2588 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 2588 | MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx (4 IoCs)

pid | Process
5032 | MicrosoftEdge.exe
648 | MicrosoftEdgeCP.exe
2588 | MicrosoftEdgeCP.exe
648 | MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory (9 IoCs)

description | pid | Process | procid_target
PID 648 wrote to memory of 2584 | 648 | MicrosoftEdgeCP.exe | 77
PID 648 wrote to memory of 2584 | 648 | MicrosoftEdgeCP.exe | 77
PID 648 wrote to memory of 2584 | 648 | MicrosoftEdgeCP.exe | 77
PID 648 wrote to memory of 2584 | 648 | MicrosoftEdgeCP.exe | 77
PID 648 wrote to memory of 2584 | 648 | MicrosoftEdgeCP.exe | 77
PID 648 wrote to memory of 2584 | 648 | MicrosoftEdgeCP.exe | 77
PID 648 wrote to memory of 2584 | 648 | MicrosoftEdgeCP.exe | 77
PID 648 wrote to memory of 2584 | 648 | MicrosoftEdgeCP.exe | 77
PID 648 wrote to memory of 2584 | 648 | MicrosoftEdgeCP.exe | 77
Processes

C:\Windows\System32\rundll32.exe
  Command line: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\small-games.info.url
  PID: 1848
  - Checks computer location settings

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  PID: 5032
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

C:\Windows\system32\browser_broker.exe
  Command line: C:\Windows\system32\browser_broker.exe -Embedding
  PID: 4664
  - Modifies Internet Explorer settings

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 648
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 2588
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 2584
  - Drops file in Windows directory
  - Modifies registry class

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 4236
  - Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads

- (no path shown)
  Filesize: 74KB
  MD5: d4fc49dc14f63895d997fa4940f24378
  SHA1: 3efb1437a7c5e46034147cbbc8db017c69d02c31
  SHA256: 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
  SHA512: cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2ZZRPTVO\vk[1].xml
  Filesize: 13B
  MD5: c1ddea3ef6bbef3e7060a1a9ad89e4c5
  SHA1: 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
  SHA256: b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
  SHA512: 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2ZZRPTVO\vk[1].xml
  Filesize: 270B
  MD5: 3abcf5d7d5a72c083d3176f80c396907
  SHA1: 06a1018e932f0e8a7e01f94cb415b7d3b03cca3e
  SHA256: dd62e353856c0a25697d430f6999336bbe3ff23d53e987ea5c6d687836aa05a4
  SHA512: fec88e1d5b6d4e13dcb9b3d516ead7d9ea8beab5d8777af7d27c49de894f4a233d1fec403616b3b16634e2294fc4d9496e2d0fdaea7701f58b0b8e326125c545

- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2ZZRPTVO\vk[1].xml
  Filesize: 394B
  MD5: 60ada55ca24fa8095e7ada9116f2bd88
  SHA1: 5a08d304df5ea10451a3ebb8dbd846cd263c5c84
  SHA256: b14fb225fc9cd6732614bf3d74728bbb891acc3a9d337506b601383c9a9aefa5
  SHA512: 6b433b04946f45eddde3017f9ed85c45d833d87a8e8d52302ced02f97b8dee134b8127e18bc730ca5404206a3fe2ee2dd55a1f40b154edccbae918b143c31297

- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\2ZZRPTVO\vk[1].xml
  Filesize: 510B
  MD5: 99b9184d91e0d171051a3a62f3919505
  SHA1: 923a7a77a614f4f749e8dc5f8487e0c3af182594
  SHA256: bb0ee1751ad354c687ed3cd6c741644d803aa292a72920006e231020b4bb6b48
  SHA512: 46406978f4378d2065a8a39ddedbd8fc0297257043b13c5382438f0fb1a6e3d3ca00f3807720efe4e25c24b48f56ef1a3481a85c38575fe964bbf5abf81225fe

- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\IUY6W5C0\small-games[1].xml
  Filesize: 86B
  MD5: 4bb3223c8d6bb24ad999184c57f79a09
  SHA1: 0cd4403d7aeae3fc6b936315c1b28f2e68a81c33
  SHA256: b2df112069723f16bb09f5fe170c21bbe64ee3282ed178c3c5b99d665667b09f
  SHA512: cb12a89ec8696de06ed34315c693fea0b3f718970157906edc99ed92bd6d240291d935dc66c2abc85808a13497d7080eaa1e52340406414f389992a98c54b747

- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\IUY6W5C0\small-games[1].xml
  Filesize: 354B
  MD5: 6971615543a997415332b89345e66b4f
  SHA1: 3c21ad6ea63757a18e302a03c76c7a5c81c93d5d
  SHA256: 0ae1330b67397eefcd1c8147a9d8bcdf5c4f6efa88848783c3cc34cb6ef6e888
  SHA512: 6cd5cbdc8a178e577863cfaf0089781e8bfdfc1a2951af5703a583571ae148316251b43adf928a45728891b54480a8c93cb2c043149a0763bb9e7c28fd29f927

- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\IUY6W5C0\small-games[1].xml
  Filesize: 1KB
  MD5: a1b75717128c6202c22e94b0ef7b7e05
  SHA1: 404c7a52d2bd5cb585f718264cbb2b875aa9bb27
  SHA256: dcd75870c26f1a8bff55a4276860c2e128b8861cd97cdb60decc02629d809b17
  SHA512: 268cb0450032aaa0c90a6fa9ab49212149d9c27e5af14dcca377fffc7e21d7b413c02e272f0d660e41c0d34205d56e123484dbee88c96d6a1ff55ed5ce0b9218

- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\0GHAFUHV\suggestions[1].en-US
  Filesize: 17KB
  MD5: 5a34cb996293fde2cb7a4ac89587393a
  SHA1: 3c96c993500690d1a77873cd62bc639b3a10653f
  SHA256: c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
  SHA512: e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

- C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\HH1VPV0V\favicon[1].ico
  Filesize: 894B
  MD5: 2a913dbd3744e7021cab39a02f60e7e9
  SHA1: 6e86a56aacb1c1339fa0d7f332694438a8aa76b1
  SHA256: 118d40b9d4fe561f8cbb4e97e063f0564881efbf9b9db02b57912d659dfe13d2
  SHA512: 8e6d1a93d0e2262020f1ddc493c8fdc402e0faba9c78dd6403de141c2acd182333996a30f1342a5c055796b1aa9d7316f706f4a2c0ff305e9e4d982b482a2548