Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15-04-2024 21:35

Static task: static1

Behavioral task: behavioral1
- Sample: 5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe
- Resource: win7-20240220-en

Behavioral task: behavioral2
- Sample: 5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe
- Resource: win10v2004-20240412-en
General
- Target: 5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe
- Size: 896KB
- MD5: e75bd457a2fb13fb20ebca1ed0794fa5
- SHA1: 804ffce3af6e77feac049cfd91e1fa527e23ae8d
- SHA256: 5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e
- SHA512: 222770617d0c62c774a7fbd8b58352f30a6e7eb0dcfb5bd67fb5124168d9f66586210c9542f363762156ccef153d9932e0017fbaa16de3e13db601ce7894e408
- SSDEEP: 12288:HqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaRTc:HqDEvCTbMWu7rQYlBQcBiT6rprG8alc
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description         ioc                                                                   process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: msedge.exe, msedge.exe, msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid    process               count
  2484   msedge.exe            2
  692    msedge.exe            2
  332    msedge.exe            2
  3956   msedge.exe            2
  2632   identity_helper.exe   2
  3308   msedge.exe            4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  Processes: msedge.exe
  pid    process      count
  692    msedge.exe   10
- Suspicious use of FindShellTrayWindow (28 IoCs)
  Processes: 5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe, msedge.exe
  pid    process                                                                  count
  2064   5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe   3
  692    msedge.exe                                                               25
- Suspicious use of SendNotifyMessage (27 IoCs)
  Processes: 5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe, msedge.exe
  pid    process                                                                  count
  2064   5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe   3
  692    msedge.exe                                                               24
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: 5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe, msedge.exe, msedge.exe, msedge.exe
  description                        pid    process                                                                  target process   count
  PID 2064 wrote to memory of 692    2064   5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe   msedge.exe       2
  PID 692 wrote to memory of 4920    692    msedge.exe                                                               msedge.exe       2
  PID 2064 wrote to memory of 2284   2064   5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe   msedge.exe       2
  PID 2284 wrote to memory of 3864   2284   msedge.exe                                                               msedge.exe       2
  PID 2064 wrote to memory of 2268   2064   5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe   msedge.exe       2
  PID 2268 wrote to memory of 3800   2268   msedge.exe                                                               msedge.exe       2
  PID 692 wrote to memory of 2040    692    msedge.exe                                                               msedge.exe       40
  PID 692 wrote to memory of 2484    692    msedge.exe                                                               msedge.exe       2
  PID 692 wrote to memory of 4016    692    msedge.exe                                                               msedge.exe       10
Processes
- C:\Users\Admin\AppData\Local\Temp\5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5a592911a09ce19c6525322e68844383f1221ba3cd64ec061a7c51e042c0021e.exe"
  Signatures: Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f9346f8,0x7ffb1f934708,0x7ffb1f934718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4139572579994006460,11871141046097190235,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f9346f8,0x7ffb1f934708,0x7ffb1f934718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,1542681240405191674,11382346761563520007,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,1542681240405191674,11382346761563520007,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffb1f9346f8,0x7ffb1f934708,0x7ffb1f934718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17496648540989349477,3089267738781459468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: bc2edd0741d97ae237e9f00bf3244144
  SHA1: 7c1e5d324f5c7137a3c4ec85146659f026c11782
  SHA256: dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041
  SHA512: 00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 120a75f233314ba1fe34e9d6c09f30b9
  SHA1: a9f92f2d3f111eaadd9bcf8fceb3c9553753539c
  SHA256: e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0
  SHA512: 3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 984B
  MD5: 68c5a4bed32762580f2d9868bb11e6ed
  SHA1: 54487fccef4d51ec18b00e4b93bca1ba754df446
  SHA256: 533c401d119dcfeea3c999180d7523b1190f998fad5a8e6624f5fbda44035733
  SHA512: afa9fb0b349487a46c3b3106935466aec386e95a877bb1b9705fc381afd6256ba4838a65bcbce854733142932615043dff566b48123217008ba757ea889e0638
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 2KB
  MD5: cd200da3a244b800bc2cda6dc437fd66
  SHA1: 1c9aa2fd9d43d063a33ca6a7d464eb99e1cec017
  SHA256: 00ed7dec05420ec1d7cba9610b3208dde24480107e31beff1aa3b7310e2fdd54
  SHA512: f5eccea865181309580741336fe7031351c5fb44630dc292925a95f9f7639a740cc6fe3f9c3c0ecb1071ac591f593d89a7419273d36496fdd4b87438b79e282b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 2KB
  MD5: 61265c9a3b734b47d03fcc7a3756531d
  SHA1: 7c6ffd21f3f8ca66d9ea77aec097c0701a9b4bba
  SHA256: 118359152ce4fa6128e582a4cda5a506a1e8a7650434f622091fbcadc7b0ca28
  SHA512: 1b7a25248517a0205638c354d3f7a39054aff2ab71b14972eb1ee9ef56b60659157aa6d81545358600da08e4b59f7ee1d0e73a179828b1c87c01ed0792d5beae
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
  MD5: f8bd1c383a18585f4e1fbac9c0edd239
  SHA1: 582aaee9af0becb4b782912df74f00e045d4d4e5
  SHA256: a6d0e41e9d2f13c6ba482e14f7d96375690a81617c7421bc8b61af5a100b937d
  SHA512: 7875cbed59a89685331ce2f4a7565a00005df703dcb82393b8138d6e05aeaf5d5c5269fc98bce0bd194c8648b982ed5f07509d094ca155a1b33a1c02b62494f8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 9e1b1cbacb178c8ff28ee0e7882545ce
  SHA1: 28ec8b622e0e669f474bccc10c00da4eb82ae2bc
  SHA256: b68b12a0c0392310431af7e38e60e9de78a29cfa01d54debb2c93e19a80a362c
  SHA512: 3a691672b0447d7c0580844329409b7976f1852636c02d9e8c6b66b4ee449a2310265ddbceff08c14f40b654724e8839eb23060c26cb06fc94c2a343419cd1ee
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 707B
  MD5: 4888badd7dd57bec710a152686298434
  SHA1: 2dbbbfbb1da19a685f39ae6f74eff51404b2e866
  SHA256: 629940bfeeea29742b3db173f28a5f67b1bf69c7e3d8b6e1a47ba6a7f663cf77
  SHA512: e8535d80c055e594ef45db5740c6420fcc32b276d322bcbd56a771a83bb628d8c437c47bf76d097a72cfef03eb62c7f5b5525367d8d7a5e28f1a8a828bea1b0e
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 707B
  MD5: 112e49877875712de59dc9582ed14e6f
  SHA1: 5c646c7dfbb1c8a716e888389841c42e67bc4749
  SHA256: b31e4f4e72f011e64375efd8388c7c64709bf10d2507d3854b272cb4113a2d74
  SHA512: 5fcefbd3dc09bf5ff38b40f7b5e84f75210bf17f56f2936d1cf3876c44cb0fd9b5f7985e94e78c0981ede824dbc082479a671bf70610963eeea87e0c45f747a0
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 707B
  MD5: 64eb42d8b6b28a4d81644927a6cf0796
  SHA1: f0d66bf713028b2bddc1b07f57f0b7d0958487b6
  SHA256: 9e3a25d1fb508fc31a28d1d229928f68776112a7fdce3d78028cd03dc585ea93
  SHA512: a3844e2b7221318185d86aff4db17c5abc4511d5488ae977d220b1ab6b75241e5ab9af697ed095706484d6f6c02270fea3ad0a00ca319822a7ac0bc21acfee24
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 707B
  MD5: 8801edeaf80f9592b0e43a84c98c5b54
  SHA1: f9582f7eb68ec9b491144a94f5d922fabd7359ab
  SHA256: 49c8f0d3ddb843cad22cab586c9b9338b7bcf48ffa504634f42636eab6e54a05
  SHA512: 5972b959a8ccb17efb87cb91232a1c34affc03ef80100bf155fb90151ecac2c10bc7797d09c0d31f111ab806eff0443adc904edeffc0f5c2d48b834004dd5e4f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c92c.TMP
  Filesize: 707B
  MD5: 5de443dd25ee0829aed9bc7f798db1f8
  SHA1: 9b59f776d0c278c2a488b20067c3c29d146c04d0
  SHA256: 372094e294bf64ba3e1ae016a68dccad3e7edf1580c30c11d27864b59dbd423b
  SHA512: 16a54912489d5e08ba3972f190f16c456f998d442686bc161a2315d171abe75974abc7ed53beb1f1d89a59cc249d3c53d05cb1c3577a8d8f86497d34eb829d21
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: cb0cd93a7e90a5cb0d85aa842bc30cf1
  SHA1: 0dffeadae62f7546c461cd6ae8b581c588b1423a
  SHA256: 5115f3d09edcca084e190e1ae583eb29d11687d37c76ad086bd8cd3a587185e9
  SHA512: 01e79922f04494855248b411acf1d381b4a3c22443bb58e503db4230574dabe088bb4b2cce7b1604975a5165bfd2952d872c04916f9e4017820296ccb002f297
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: 576497fd6e773709e042e5ecaa7c8820
  SHA1: 1153156f953489cda84e6109b8ff7544469617c5
  SHA256: 35f8714e0bd1a8b476f78eaf4abe76570cf5ad1ca4f53ed0030c363f9ab7674c
  SHA512: caf3d597a99c8fc8c457bde06fe4abd40c7a5238cb45257ed021851d68cd0100a70530587b5e752229cfa941ac81531bdb1804ff7258b49b7f3ecb126204f208
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: 01e8ea13f7cb2b59519223c8d51997a6
  SHA1: a0fda7a184fe41a80463b6d9468417527e0d95dd
  SHA256: 85108a2aeafd1e58eb428466f4db2ef55c1160ccb975b811188c00d765a2cf94
  SHA512: fd06a8f98a271955325220f1d0e7afe7f30977805159e52286f7483e3159e9ffff9993061a9d068a1fa28712fc34546251b501eb296be70789fdbd9a3328ddd9
- \??\pipe\LOCAL\crashpad_692_DELIZSIWYADBASRP
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e