b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
Size

896KB
MD5

99acc170a89605aba70a74b5f8fe7b71
SHA1

7d784cb369e3714487613779a93bc89abb46be2a
SHA256

b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2
SHA512

a5a3dedd69730ce8809332438516df799916cd468aa2a69f1382a4074669dbf81acf9566a2d872053e4c8a817215b16e39f90d03378f8c7cfab17d1698075d76
SSDEEP

12288:1qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgauTB:1qDEvCTbMWu7rQYlBQcBiT6rprG8aWB

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
2176	msedge.exe
2176	msedge.exe
1244	msedge.exe
1244	msedge.exe
4324	msedge.exe
4324	msedge.exe
5144	identity_helper.exe
5144	identity_helper.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 2176	1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	89
PID 1280 wrote to memory of 2176	1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	89
PID 2176 wrote to memory of 4628	2176	msedge.exe	91
PID 2176 wrote to memory of 4628	2176	msedge.exe	91
PID 1280 wrote to memory of 4568	1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	92
PID 1280 wrote to memory of 4568	1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	92
PID 4568 wrote to memory of 3456	4568	msedge.exe	93
PID 4568 wrote to memory of 3456	4568	msedge.exe	93
PID 1280 wrote to memory of 4200	1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	94
PID 1280 wrote to memory of 4200	1280	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	94
PID 4200 wrote to memory of 2372	4200	msedge.exe	95
PID 4200 wrote to memory of 2372	4200	msedge.exe	95
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 4812	2176	msedge.exe	96
PID 2176 wrote to memory of 1640	2176	msedge.exe	97
PID 2176 wrote to memory of 1640	2176	msedge.exe	97
PID 2176 wrote to memory of 3624	2176	msedge.exe	98
PID 2176 wrote to memory of 3624	2176	msedge.exe	98
PID 2176 wrote to memory of 3624	2176	msedge.exe	98
PID 2176 wrote to memory of 3624	2176	msedge.exe	98
PID 2176 wrote to memory of 3624	2176	msedge.exe	98
PID 2176 wrote to memory of 3624	2176	msedge.exe	98
PID 2176 wrote to memory of 3624	2176	msedge.exe	98
PID 2176 wrote to memory of 3624	2176	msedge.exe	98
PID 2176 wrote to memory of 3624	2176	msedge.exe	98
PID 2176 wrote to memory of 3624	2176	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
"C:\Users\Admin\AppData\Local\Temp\b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb67f246f8,0x7ffb67f24708,0x7ffb67f24718
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:4812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
    3⤵
    PID:3624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:3548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:1048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
    3⤵
    PID:1388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
    3⤵
    PID:3536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:4284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    3⤵
    PID:3768
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
    3⤵
    PID:6128
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
    3⤵
    PID:1268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
    3⤵
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
    3⤵
    PID:5520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    PID:5528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16485825583584891070,13543096032453387315,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5492 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb67f246f8,0x7ffb67f24708,0x7ffb67f24718
    3⤵
    PID:3456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13841793207102884355,6399532680058935598,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13841793207102884355,6399532680058935598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb67f246f8,0x7ffb67f24708,0x7ffb67f24718
    3⤵
    PID:2372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,4685368040598738332,5242868803578238400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
d8f9468353ec4add6cb8f87d6dc6bfdb

SHA1
450d894742f03af5e3d593c6f65e67a1cb83ffa5

SHA256
6bd7e7e95748199bd374c4ed10a485fc8c523378e54cf4449789ba3390057d1d

SHA512
ad9d94f914610b947862fd2d7199b902a22f1c596e51bac30b4265bad2ac5cd5cd778b6c07717352aa9b576177c4078decdd26b730a25426a1291a1be74f0b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c17eb050dcf5ed76695fe8b54d05a051

SHA1
b6884483bf3494bb58a03f4f72bbfa0fa08940f7

SHA256
725b5995ece210704e7596308a7ffe20119949ffac6b1a6f0452fe2f6f0102d7

SHA512
fdc68e0038d30511fdeb067b917cf29147d09d879834bc55e44b429b6f9784c74c7e34489a854f1f01c3d02d497369ff53898292c68d5716452bf7d3d3257c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bd57ef59584f365d0eb6e52f2925d7d5

SHA1
72188a25f7d6f9d938febeef0ec64e64dc6ae2fa

SHA256
ba4dd4144b39001f5817f6d7b011492483db2353f094ce9e9cb594895463b675

SHA512
f00221a88d6a559811a5b169dc868c24afe2253fe3186ad6be97d8eb72f4fba5b470ea4321c10a4b62e0de4a560f14c717a0fcb492f5a6cbe51a2258d2317951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c4391f1b318699b6e75c8d152b18cb5

SHA1
26c91bb3e1ada5f4c54a515fa682a035b3665e82

SHA256
0e7bf4a8852f25537a8d073f5c45e66abd0091dc98f0128dfe791ae57b5adde7

SHA512
485c730d85ee7ac7ebb2559e6a35da9318706e8a9f3485e7324a2b44fe20577e346cd959a8f36b84a1755c78ae4071e5129632781df4a64a362f5ae94c53594f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6631214f4cd1ea3206277f3b21af3de2

SHA1
d038db2a0fd96e478003c3afe739c9188c0b1bee

SHA256
48a0247be89431df9083354eb3010a4d2d44b8617c024fc449f33702d65f655b

SHA512
d24bd149df282849184d38c651565bc39e25784f1106340be2fef0a557aa5104b60ed127ee8a7a7bd370c6c02b5cd8baa94034f88c075217dc9a94d4b10faed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
5c135f35ba12e14734a7b9a0059f9737

SHA1
24855c6c06908817047e7c113be4a3cbf20c7541

SHA256
5bf9be26b1d389c263f3453016274597b912fcf5bbf570515c9b3a0bbbc94fe8

SHA512
9e669c61e895b761987823c75b05b6eb2531ed8ff125aec5ba9ae230bdd5a66f4f33e6461d8725697dcf45c4ce4e6dde9a1ac4b7d75e0e162014e19644ff04f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
b1992fdf6dcddeb98bc21099853c49ed

SHA1
8d554cb914818b1026a1faede847007374655988

SHA256
6de38c27a39a8e94171f41a21d902c2389ba4d27aecf179b2a71214a7ec356ec

SHA512
64ee98e3368de8446694a44194fc813a54008b400ad82f9ed23fba003bac8b2d27492064c1545c9773b77f40cbf2c7de333552e33df6ba809e8babdbd2e58303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
95e6a9d5911b337916b0f5ece1263595

SHA1
d3539acad01f2598251c3f62c46f9e2cb553abf6

SHA256
cba6114448c04faded25460b4c267a4966c23317907adaf5cc38c481efce3139

SHA512
426d30fcad9120caf7aca7edca05552983f96f160d5e8792cd88c5e0a5cf1755a47bf6b4306ba4dd37d80082826dbb0aa4cf1ccd5f28342b9cc3197985bc0c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
bcdb2e86a7d6bdc09503e5baedf23a53

SHA1
30858cdda528f6e940ef327bd4a77a2a54234d9e

SHA256
0c4d400a578c9a0a95db861f95b0e4b72822a5baf0c879ba912bd74bdc98d036

SHA512
6601b1ae908bac84cb6b42f6a48cad251f26d2e74a217de3baeecaf2dccef586fea5b67189e087e708b2ec061fc028c93d855bb4b5f759687fc0e67a666c5451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad66.TMP

Filesize
701B

MD5
07202e0774c7347789f8d9a4ac6329e7

SHA1
63903e493a2d50011a87092af2e70ecdfc794e1e

SHA256
59848e37aaaae5a288db90bd7db40c7c69aee490bdc285ee698bcf37b821cad3

SHA512
aba6de00e0958e99ea2bc4e54a9e4408f45a62d9fb858234151562aeba9361a7191eff664fa3979587089e737a0f1de5cdb7940c724bcca7507d3cf595eb082c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1040e6310b0040881a57ac1c3cd180c3

SHA1
7ae562143697ab71b262665cfc71874a30a8734b

SHA256
732230496ccbc8d9016be54f1258fdda5024512333896890c0d6a5d9c7f7dadb

SHA512
db9cb21f58c51fe823d84601cb13a769e42d4dd9ccc22e669cd2e802759615232fc496af82864c9202e61cc132716dda0f2a6f31664c59e5a0209703443f7382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
99129c11be7f13f32404b76f7185e3d3

SHA1
faef53475cf51780d0183519613b6d04195f025a

SHA256
4b50fcd9edad794cdcdeeb5f367d44af5c4aa6346977d14a50510eb79ccc4650

SHA512
d1290f9206e8edf7411959c5704ed328480abbe8b2cccbb2a3d933cc0e58932f66fe41becbc8a51e85eda254e01ff27e05e8f3c1e47a36e104d225f0091ac0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
81c517887189c59f88e6e14118c46a73

SHA1
1e8fd564810d49176f6b1e602d27c482888be0ff

SHA256
d80af11510df103e162f358839cb4625b2654f763e566a0de38bd81084c60139

SHA512
71e4b598200a6703a768a24156109ca0ce0012612fd5c5960beaeab6acea3f1548cd6d693a8035e995d0e69e89c9f364c1a5f5ae281c37884afdda9fe8c3ad94

Download Submit