05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Resubmissions

05/04/2024, 03:14

240405-drr37sag7s 7

Analysis

max time kernel
1786s
max time network
1793s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
05/04/2024, 03:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.exe
Size

1.6MB
MD5

b63468dd118dfbca5ef7967ba344e0e3
SHA1

2ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA256

05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512

007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548
SSDEEP

49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2312	SKlauncher-3.2.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4796	icacls.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\iw\messages.json	msedge.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\symbols\dll\ntdll.pdb	SKlauncher-3.2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\km\messages.json	msedge.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\jvm.pdb	SKlauncher-3.2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\id\messages.json	msedge.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\symbols\dll\jvm.pdb	SKlauncher-3.2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ro\messages.json	msedge.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\dll\ntdll.pdb	SKlauncher-3.2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\it\messages.json	msedge.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	SKlauncher-3.2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\fr\messages.json	msedge.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\symbols\dll\jvm.pdb	SKlauncher-3.2.exe
File opened for modification	\??\c:\program files\java\jre-1.8\bin\server\ntdll.pdb	SKlauncher-3.2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4000_419361572\_locales\eu\messages.json	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{6F645890-0481-41A9-B5D2-CD2143858C90}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
1376	msedge.exe
1376	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2312	SKlauncher-3.2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 1380	2312	SKlauncher-3.2.exe	95
PID 2312 wrote to memory of 1380	2312	SKlauncher-3.2.exe	95
PID 1380 wrote to memory of 4796	1380	java.exe	98
PID 1380 wrote to memory of 4796	1380	java.exe	98
PID 2312 wrote to memory of 4444	2312	SKlauncher-3.2.exe	100
PID 2312 wrote to memory of 4444	2312	SKlauncher-3.2.exe	100
PID 4000 wrote to memory of 1884	4000	msedge.exe	113
PID 4000 wrote to memory of 1884	4000	msedge.exe	113
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 3704	4000	msedge.exe	114
PID 4000 wrote to memory of 5028	4000	msedge.exe	115
PID 4000 wrote to memory of 5028	4000	msedge.exe	115
PID 4000 wrote to memory of 3436	4000	msedge.exe	116
PID 4000 wrote to memory of 3436	4000	msedge.exe	116
PID 4000 wrote to memory of 3436	4000	msedge.exe	116

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1380
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:4796
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5188 --field-trial-handle=2000,i,11471789752336399729,10863385903208193579,262144 --variations-seed-version /prefetch:8
1⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffa6c362e98,0x7ffa6c362ea4,0x7ffa6c362eb0
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2560 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2656 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3408 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4484 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4484 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4664 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4196 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3892 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4628 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3876 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2240 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3624 --field-trial-handle=2604,i,17080970962393363100,9372702362504673129,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
147771bda86d41725ac27abd4d669639

SHA1
1bbc38e355a2470559abae7496b8e174997a8090

SHA256
c4a444522b8c0fb6674627c7157fe673e1643ef0845af564a391ebcd1e8dc50b

SHA512
4a9c95aaf0f40fe0158de070e701dc5adf73163f4f4ea93f721758c44cc80b3d42727cfc5fbbaec105e4a6b6802aed87e9f392edc5ad5bc8f95c5f614319cbf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
88ea3ceed4c3efd04d7d504ea1eb828f

SHA1
a6aea6c2f6f93bba419eb2e09717952c99781de3

SHA256
55de746a8336fb15682ba0a457587d21aba0962f089fadd3b2fe5d24553c6fd6

SHA512
6fee994a349299e82324aaf3078c55f6be490250d1627ca4dfa5e2637084b32e487900f46838d0eabde2b4da412a7fd08c4584f2d17ffdf7a9b3467e38a7903d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
04fa7432fb637d892fc4d0a8ac8ed88c

SHA1
bcd9486ea351f797b59cc854228da8d68572c2ff

SHA256
b9b0e06494bbaaa88ce12574dc9617fdaffdaf0d09eea98f080abb08fe1090e3

SHA512
766bf97b571fc3927e3bddffc3da0a6467330c842e5468762d7f2cdc1a380e122a252b1ed579ca1c2588bae88577a966f76ce7963d18e11d6d7c1e55e7954f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
eb9d9793caa4c7f6bb09ee2c2313a55b

SHA1
05b2c89fa757f307f02a5725fb55a65fc2da38c2

SHA256
4c21cae8ea69b5b98c35c3ec3e03042a0f28e676f4e142cc57e66877c4dc92c8

SHA512
a2f0835ddbe1d01acd693d1dd81c3f2a5ac89246ae799c17844bc96a38dbf944fc9a9f94f5bec6ca5a15037d3e09b4be2326e03c2cdaf425a2506195a584bbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a9f300fef45ef2564cf749a883fa8e0d

SHA1
6504fd1b8d1f0621249f1b9f7d50535d93bf9647

SHA256
0de7f036019dfd75b98472e043f5cdc15b9c16b9c2321765e3d50eb66812cf16

SHA512
6bb6b8224f3fcb0b18d5316702d3f3f5e02eec8b3f1d6a723b8be951e82f68f708fe5bac64cd20bce9da64935adc162bf7f5c0d4045b74e6f306b757ddae8819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
95cc84b9095b305b60dd3906d1b494d0

SHA1
a4dcd9c3ab7653141ef24373709c9db14d082b67

SHA256
950834809a2652362c8ee292e7f92bb049f367f7c2a358183858d20a70f0fb45

SHA512
a2924011c77511fc0219a5c941502bdcf8e512b4793567f4836dba75394159616cf98bb7befd7575b16e4266136c13b8c51e08f05160be63590de12099a3f2a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
bc6a7350ebe3cfdc6988c5928e891184

SHA1
67e610e76e3efe360eaa41e7fc73057cf8f5823a

SHA256
b37e9b765b7a240e60382e1d8f23f404e9286d7c5ae834f9a606fb0e2f947206

SHA512
dbe94cb635227b4725ad2537d86604b224835e7f0c257a7ff5da9d379c75f637540f6bfc0184fe0f918807ec7147b66034170833d08559b1cefea4ee70820474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
42KB

MD5
e52241fa24368461a1ae9be65427f25a

SHA1
6183166c04a771d42dddec13cd53004342bacab6

SHA256
e9df5b8956559bae19e601f8c04d98f90504f1f0bdb6dc2954bb0e8e88d7da1a

SHA512
5d96dd4432256581048c7ba9b711491f0d210b81d39ba73545073f186bc840b56f88fc55660071e408245bd0bb4dd6d6eccc8babb9a7555ae0116a1895b9ce77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
33KB

MD5
7b4f689597b860d3eb980dee6463a6e2

SHA1
a02dd7de581332e9893360391a3f3b7b3bda1381

SHA256
1423205d3a5b28e2a26354868d1a9e4621dc7a17eae07edeb8c441304af5c790

SHA512
9712037dd8b2188af93ea76fca8642f12db16186752f97fb832139d9a9e3f8907bab79e9bd79230f0c0e21f53330bc3c2a7fd4cbfc86e9ecbddcc6449627a395

Download Submit
C:\Users\Admin\AppData\Local\Temp\29f807f5-1002-469e-a7d0-01ffd11c8af0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-5900024314000.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
memory/1380-5-0x000001B2D29D0000-0x000001B2D39D0000-memory.dmp

Filesize
16.0MB

Download
memory/1380-16-0x000001B2D29B0000-0x000001B2D29B1000-memory.dmp

Filesize
4KB

Download
memory/2312-48-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/2312-43-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/2312-35-0x0000000002970000-0x0000000003970000-memory.dmp

Filesize
16.0MB

Download
memory/4444-29-0x0000019824CC0000-0x0000019824CC1000-memory.dmp

Filesize
4KB

Download
memory/4444-19-0x0000019826580000-0x0000019827580000-memory.dmp

Filesize
16.0MB

Download