Resubmissions
10-04-2024 19:04
240410-xrc4tsca3w 710-04-2024 18:53
240410-xjnwcsbf7t 710-04-2024 18:50
240410-xhb56sbf21 110-04-2024 18:40
240410-xbpspabd2s 1010-04-2024 18:37
240410-w9s3bsgb72 810-04-2024 18:27
240410-w3qzdsba5v 410-04-2024 18:24
240410-w15d1afh52 110-04-2024 18:13
240410-wtrjkaff78 110-04-2024 18:07
240410-wqcw1aaf4x 6Analysis
-
max time kernel
599s -
max time network
594s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
10-04-2024 18:27
General
-
Target
sample.html
-
Size
18KB
-
MD5
975aed651740cac29bc0fa6e3992d3cc
-
SHA1
42033f32c97b6be4e446c0a77690745eafc28112
-
SHA256
c7a53cef7508f2abb86996be29a075c2ea63bf09b1bb08e1b1b7a592cf074e60
-
SHA512
53a57fbf3952c5f0e08781879747d059d27a81f58c3f1a9f38c8763ba7aa8d31849e9797092c7624311b626e9aedd4937956bdefc54350ade3d480b04d1eb87d
-
SSDEEP
384:rTqN2DpmReVoOs41N9ylKeGM+U8HhhbG167uS2LjFrSE3+dVJCBXQL:rTqYBVoOs41ryI1M0Bhb68CFrSEMJQQL
Malware Config
Signatures
-
Drops file in Program Files directory 10 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffae2703cb8,0x7ffae2703cc8,0x7ffae2703cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5260 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5296 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5864 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4896 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8785039852055692484,5929502348727224750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\The Worst Of All!!!!!!\BonziBUDDY!!!!!!.txt1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\AgentTesla.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\AgentTesla.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\rickroll.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\rickroll.exe"1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\Popup.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\Popup.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.rjlsoftware.com/2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffae2703cb8,0x7ffae2703cc8,0x7ffae2703cd83⤵
-
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\ScreenScrew.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\ScreenScrew.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5caaacbd78b8e7ebc636ff19241b2b13d
SHA14435edc68c0594ebb8b0aa84b769d566ad913bc8
SHA256989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a
SHA512c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc
-
Filesize
152B
MD57c194bbd45fc5d3714e8db77e01ac25a
SHA1e758434417035cccc8891d516854afb4141dd72a
SHA256253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3
SHA512aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
35KB
MD5a053b626552864ee4e93f684617be84c
SHA1977f090d070e793072bfb7dce69812dc41883d4e
SHA25625b3ad881a0a88c6228e12688078638fe0b96210d0f0e20721e3c911a5b37dd4
SHA512f7b444b1a1c465a4614cd1b9bd678875251f44e227abaaaf1fa6b35bb67bb25932b9b11cc8fabd19d2d5d6e80c6ad0b15149869e6e41f6345db3d49f08683e36
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD5d2d55f8057f8b03c94a81f3839b348b9
SHA137c399584539734ff679e3c66309498c8b2dd4d9
SHA2566e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c
SHA5127bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.1MB
MD5d404b61450122b2ad393c3ece0597317
SHA1d18809185baef8ec6bbbaca300a2fdb4b76a1f56
SHA25603551254e2231ecd9c7ee816b488ecbde5d899009cd9abbe44351d98fbf2f5fb
SHA512cb1a2867cc53733dc72cd294d1b549fa571a041d72de0fa4d7d9195bcac9f8245c2095e6a6f1ece0e55279fa26337cdcc82d4c269e1dd186cbbd2b974e2d6a70
-
Filesize
3KB
MD5232c6a03c424bd60569a82249e647c3c
SHA151059b9285f9aeb1488c15627c869f447f69814e
SHA256bc3d1a0c170a0b05761c1e449decd0d4a2b792c00ad2e5579be081d161fc5be8
SHA5122b562563f096d186ab4f068dbc44186bd4b55705d3d9c462ae7b4d0155aa75390873f971c419e9584d87871ab1a9b4e00f85b17a704def14769987f725caaf93
-
Filesize
4KB
MD543c0e6150a24a6c8f48a80793b8b53b2
SHA1340cb47bc0fa59915bfbc1f7bda2db01c9415d70
SHA256cc0c1db91e86b5320cb0bb0e4f58a522a8d74614e2c7ef3fbcfc6910e4fe7f59
SHA5123c4775f39ba6fdf47d147ffcec70b275285d88deab917785fb483cdaef236d7729756c14ebb7a7166260173c11f692b9fb380c872722ab9309b6695acc5f5bf7
-
Filesize
4KB
MD55d5292709ac0f2e3dca059dc0f7fefec
SHA14da642c647bec29a581c75471b6da083f7e515a4
SHA256b62a82b3c6cb214eefc4a62c21a667e558f53098beb362701231df79b4270b5d
SHA512a2719a02767c507e6839b885ce5aba0b9854733b6326a6b2f55e222e61fb468316367134eaeecdd4112b2ae9a12c4881e132a42e92a0f723698f951f43f7d90f
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
1KB
MD585b7dd2ef629b5311da4b9587946d24d
SHA1ff125bc22fae5883d9b7028df36d0bd29bfd1dbd
SHA25691b10819759fbd3fa8be33fff7de0c70ae94ed9ba774299dd6945019e8593e64
SHA512fbfb659e5b167d982cb1a75f68306e280ba6805a97b424ec23e3a1a8deead0a94cfbfa0ad9bd84690745d71591975bbf1604066dc754e5ebaa65606b891a9ada
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
1KB
MD571fb3e6cece9959a62f9ac2e0a795ab6
SHA124df9f436278b0329046b53046130b0f7aaf0ec2
SHA256f115899bc5e1a0793519884a45ff37cd028dd514102fd439b492660c690cbeee
SHA512ef6a8c074c9dbe11a84db95f82395a8b02db1edf280f2ad6c89ee7c711d0fa734531aeca7da760209565130ca85337fcbaf59cfb408167bf065ff50514e442e7
-
Filesize
1KB
MD54f9587300d3b81de1983a55bbd33540a
SHA1d725f94d83848b9298c2b0b2a23fb17389733b5d
SHA256a1bb78cc5b4b4df696f349983ba3982685c16d05cfb5ef94d0f2cd369fdc9eaf
SHA5126e0b39a64ede476f2c952167fe870d0a9a4d76bda851fdf60230d0f346881797ade4b0beb706a6f4456d3ae364635f61669e3a4fd67db6a006a226c8b9a80c9f
-
Filesize
4KB
MD5a368f4da1f1b0641d26a6e9e4ee1640d
SHA1aa28eac90e39ef2d6be72ce216b916e92181a529
SHA256619085c200b5fa3d4db249fbf6d843c6ab068458aa7665f003b8eb9110fe5591
SHA512c9a34d111bb4e0cb1b9c469ee6413834996f1b069aae4496f1adafa58a7a02299a62779ffec5097cd47a052876c9230817e66a10db7af27a69ccc26f9bbdea6e
-
Filesize
5KB
MD5bc86c3896459379d9f27ecbaf4151dc8
SHA142c2bb88998037b19f4943a88fa269534cb8df6b
SHA256ef3be7cb4368ebb62851d474236e6d51b7e1d58ea54a4fde6734bc1ebab27730
SHA5123de6c89ba02057e911c5b215f67395f8e00778b320ee939b3ef3dda9937e02462f7e044153f71b6b3f12b910490a1ea94d3290fbd52749bef98a189c20c65b11
-
Filesize
6KB
MD5159db21c3805f16a1e9c1d97bc1be788
SHA10d3e0a3f85c83100e0e19943e31ce97c1131143f
SHA25630a3756310802fee954d60a9c2a792a170a9fa53f6d2388d1ecf32828de8dcaf
SHA5123513947c19eedb9ef98230095f723f733127b4e7e14d3017b469e5194c618710a94efcae51ffea012d6f01dc8684024cc39b04570c4db7dfd2012316538adec9
-
Filesize
8KB
MD5b4002dedbf85e7e44c3ece82de7c17e6
SHA17c4859b49883811c2c97ee1b484f27c01b2f21e0
SHA2565086d54a643d18cc459fcf88c286bae27b4f2bd65007f2d76f9fad925eacdde4
SHA512261ac401ab7df6be1cef366a93e5cbe45ebf72792bcc73d802dc17b74d4b5da8b2ecfb1bb576b3767899ecb438e0667257c83e3b7cf2b2939109012e9b54895c
-
Filesize
6KB
MD5ddadb50c69ecff0b874facb550eb6d38
SHA176b0b6920622e4b0405b4e75a9446ebb1f064eb7
SHA2561d6e29063626cf26eaba2038763efe2ca5862f73308720f50fff5899b68b78a0
SHA512480fff9e2cb536be206bd70e211b24dfdfc0a6d930edff163e4f11e0677dc4d11d151bbb38afcbbcbae4bb96901841824437e1fed86927ae720ac627c433a021
-
Filesize
6KB
MD53a1ae4e50eb835539cb0aeab4dd0bd74
SHA1caefa78a2b773524b204520767750cac18b06974
SHA256bfb8e3bff153b2ff595de048d98dc081858f218b0f5c2d5f9c62c5d30d4691d7
SHA512314d5a773a60c9e9c772a95d3b9050ee232de484ea1ab8b4891e88f21613038368c268cf7761d9800cd675de70d80f186e6abd119e25cdafd2df9ff92e33189b
-
Filesize
6KB
MD59edd7176af10f35e09695b87ae054924
SHA16529694d4ceaf7d3c5234d6fbe6c62684ae75ff9
SHA256777448cbd3c37edb2f93856ba4b39ea9b3463622282cebbc075ffc553bedd332
SHA512460fea7ad6d371e39477a38251fc356c803d9e0cff18892506b52472434cf5ffa17aa7231538c8fb63148a68814f546fa24ecc09f21875e1d060e550d5d50c69
-
Filesize
5KB
MD5c56a49d0ff263428f1168e784a35c6a0
SHA177b42ae8588d001cd7022b216043328be2ca507d
SHA256f320508a0d254c7c27dfd90f620efcab22f63101dfe8e6ec338c4d85638d737e
SHA512c8a41046628707be459112ac0f816d8dcf8f7c471b2f0d4a724478d87e483f4e9b111838a3ceecf817ed9b65d48315d4eefa589c51b5baf9586b9bbdcbee3c39
-
Filesize
1KB
MD5b879500a5c164fde058d9ca41f2dc859
SHA16ec126f4f02bac7bc3a54952bf564e7126a63de4
SHA256a7917384f7b38faab6b5a8ad2388c8170de52bb9b3bb54796526aeb5c0df2c18
SHA5125fee1de81b75a883e80c834931ceba4f4c2317a7b14e77bb2b396e0320897361bd28df58ea3b3241e5257486605ee76e8f8a276f02918e7fae388054b93ce196
-
Filesize
1KB
MD50052ca91ffe3112df3a0be9ff5014773
SHA12a49dc0a4acfbcf74826197f5303b9f8b4d755c6
SHA256d7ed0de2703a925732e611b2859e3206cbde8acac19b4c34180ee20f073faae9
SHA512bd8fd5e982ca6fd89d8e4da8ebee740cb1cbf86be8e2df68ee70ae06614a05d0020c3264a952a9af9419dbdfc30540c2838fed9fec23bbf2c95bd7896384e469
-
Filesize
1KB
MD554287fb557a034d8d7b92deb55584573
SHA16f9dd7f41495021c6d3a1cd3b8ce06cb972ff6e2
SHA256c5a631b8c45c96981a2310e5a4899f9133be0ae99ac1635c3acbefe0c3ec4f02
SHA5120d90429efec02e49f513be7b1c03f4a7b8de866cf530672b0985737de708dda86a6542bd5d088dee59ddd96ae0b02c8c2c984affb2ad6b0d46ba2a86605f7a26
-
Filesize
1KB
MD593f453b83a1af9650db3ab5ac9f04b37
SHA1dab6f5e4c7c559387dce3d7b44c4f868b7aa9669
SHA256d89f7b1f55c6ce241d5255209fbfe144f38dbe02c0b96f423c2b5d2e75a834c2
SHA512b68cb3b9bba81a5c75c45fe5ca56b289fd90bf23609b798c74e681ea976ec50c388afdad7b33ab78282f560bffe0eb2343842cd4389605a1de2520aa7ca1e6ba
-
Filesize
1KB
MD50b0bf35cad6b7488d7b4e2d3b47ceccd
SHA1e0b5cc1bc31da0e900a68ec0ff8654cb278fab97
SHA2565af785f343a14d45594e04589619edb51f1eea8f2fd1c89b6d7aa27fdb86ae03
SHA5121b0354d0aabf1023f1faa4136b956aebfa0016fe89258071940851ae29608d348a06ef898effdab5dcbfaad781571a6136943c4d85f4a092ed6102771f86a366
-
Filesize
2KB
MD57cc9a2ad65f1da7c298d4fbb1c530d3e
SHA1d0729698390c3c8aea2609103745e9cebfad65e3
SHA2569d97fb8880f7a41ff6f1f84d5dc1d846f7aa71852200db414750febb6ef399cd
SHA51201465356da730b00ed03fd7d6ae1bb449b503259fd2907f429e39ad73e282c878ab84e980f1dd0933f4a369946b89fad7c5b25eb2fafde06f3acf90859f31176
-
Filesize
203B
MD54b5e7c1ff53c8613ab05031e73d31630
SHA1ef1a9d30507c77b23621d243f3a6fe78d90602d5
SHA2561900636eac43effbb4a93c79b4e4fd6bfdb67b4c0856c8697de1ea4a4f37e6df
SHA5129974d282e5a29e1a9f2de5d0361b4bacedb7ba9c15bf45241c203abed0674812c9bb76a5e215c061c55acf9bb897708fc79dbef739d974e742d9106022ae901b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5372d263ffc92b6a29239eb69d3b4284a
SHA16479602fee4563899dceebfa5d65aa67520a49fb
SHA256d806783a31a717bdbf783151a28b5ad74474d570f8e5a5dec1f594aaa89c4ab7
SHA51208188fc8381c8d1141b8f634a6e313699f59e84e7b97ff82cc72ff9701ca2e4b0c9f44f52e195fab3ff7885c69571614bd47370088741a48f8ca081d177a0fac
-
Filesize
11KB
MD54cc442ea84e763a8dc73691b67bad29c
SHA14dc18b70b6a0f52aa38b5683296046d4ccc59a7a
SHA256ebd43e80613272e3e33a170c7b11ae6aef89ea28ba6ad85cf3b7e765c79642b5
SHA512cf75e42b97e2e22aeb3ec2bec398bfee94d44e76d0173bc6b0c176c515684a05bb0cc99a3e8f8d58bee18a0417f4df5a5e8045a72ff925f8aa7147ed84020cef
-
Filesize
11KB
MD543421c23e9a437b6172cd7ee42c7f3de
SHA17fb291a289ad14fa9e0e6c17ea0a157120fdef59
SHA256a933389b26f4af7848101372863f21810ea8d5ad3c82526737dd9e172f86ee46
SHA5121c0181741ae4c77d0c70c618ee0aed2c4d342e61d3b30fdcbfcd9c8dd56c26e1c25c97699e545c509896e340729e8d4861459474dbf09623ca2e850d5e3a19bb
-
Filesize
11KB
MD5a6aef263fbd537d983fb745d03664698
SHA1d98fcfb857a6f7420d2345199d3dafae6982a2bb
SHA2560a16f023550c0c6c602dbc8b470c1cbe9a14f5a0c395fddf29b6da01a2d99cc5
SHA51258e1a07d2ef26f2e0aab12605745a0abe96b74a080266e8ad1efeb46c9480109b13d378db3fc6a455f9d9ec3c251d835b292139ae147530d5187c2e431e7e783
-
Filesize
28KB
MD52ad4b2a2346b391f7e70ff995c5b0107
SHA1b230b8b0a54eb1f07f9b268003e2448b6c1a6e0b
SHA256a7c55406a9c034a5394222e9f8ffcbe1bbfc698de4c47dafd77f2156cb208180
SHA512f32d92b541316e004e896fafe6f1c71ac00ee314d2de43a46cba0e5e15f9dab339eaa84a9d8aedbf1543e357542d9c3d5ebf2c475d3943b6e88a0ef7c4541040
-
Filesize
10KB
MD5aeaeefeca4f06145755ee6bbce3ca9cd
SHA1618baa53e4c3d1ddd7d588d49bd27144d94b2098
SHA256ffa55c1bbe921f04961eba9443eba3979701a7812eb6c06b6e8af706acab8519
SHA512f3e3c5b58d7d4c2c8aab3eb49a567321f09b0befb5b0c576ab86ee5c3d2603cec6fb5d0de08f3144ec647d756f64f92ddfeed6f1e170dab4913ac4f449e35b2d
-
Filesize
10KB
MD516fc068843d910c6ae84a11189b5370d
SHA1cb70944200defbe51657fb545fe5b596c4588a8a
SHA256ed28d7c367c8722523b773d162906236d18ac64a63671a3cab1b3a00ae8de781
SHA51278fca754a4e665f8bb372700f14f5249b5baf3a77cc79cf3e95d0d9bcacbdc8ca5188976488e63444ff784a474b44c6ee20a3a1699d809b1cdd92c85bb47418c
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
136KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
4KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
892KB
-
Filesize
4KB
-
Filesize
4KB