Overview

overview

10

Static

static

1

sample.html

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-04-2024 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.html

  • Size

    18KB

  • MD5

    83adf2a9493d0711fcfdaa64b040bb6c

  • SHA1

    fe0b6838b520a6fe0d4c0d75275c08d06ae236bd

  • SHA256

    ee67bbba7c125f2a45b79476ff5e41f29b364f2f22c659aa76f44ef17ae3d7d3

  • SHA512

    c09c190494dc72214b418126dec222640f4654168f7c530cdd70b9331acba797cad51250631e8b5dc9675b0717195514acd5f535d39e256447aef99bf16936f6

  • SSDEEP

    384:rCgPDpmReVoOs4Si9ylKeGMVU8HhhbBqbM7rS2LjFrSnT+SVJCBXQL:rHPBVoOs4SmyI1M5BhbEb67FrSnFJQQL

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204
rsa_pubkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot x86 payload 1 IoCs

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    botnet
  • Blocklisted process makes network request 3 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Program crash 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of FindShellTrayWindow 57 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2408
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc824f46f8,0x7ffc824f4708,0x7ffc824f4718
      2⤵
        PID:1604
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
        2⤵
          PID:1128
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:960
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
          2⤵
            PID:3784
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
            2⤵
              PID:5048
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
              2⤵
                PID:3508
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
                2⤵
                  PID:3856
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3144
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                  2⤵
                    PID:3936
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
                    2⤵
                      PID:3704
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                      2⤵
                        PID:5288
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                        2⤵
                          PID:5296
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
                          2⤵
                            PID:5748
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
                            2⤵
                              PID:6020
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5840 /prefetch:8
                              2⤵
                                PID:5212
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5796 /prefetch:8
                                2⤵
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5216
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                                2⤵
                                  PID:4228
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
                                  2⤵
                                    PID:4240
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
                                    2⤵
                                      PID:1408
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6508 /prefetch:8
                                      2⤵
                                        PID:4864
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
                                        2⤵
                                          PID:6108
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6840 /prefetch:8
                                          2⤵
                                            PID:5648
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:4536
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
                                            2⤵
                                              PID:5784
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
                                              2⤵
                                                PID:5804
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2044
                                              • C:\Users\Admin\Downloads\DanaBot.exe
                                                "C:\Users\Admin\Downloads\DanaBot.exe"
                                                2⤵
                                                • Executes dropped EXE
                                                PID:3668
                                                • C:\Windows\SysWOW64\regsvr32.exe
                                                  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@3668
                                                  3⤵
                                                  • Loads dropped DLL
                                                  PID:5444
                                                  • C:\Windows\SysWOW64\rundll32.exe
                                                    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
                                                    4⤵
                                                    • Blocklisted process makes network request
                                                    • Loads dropped DLL
                                                    PID:6088
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 456
                                                  3⤵
                                                  • Program crash
                                                  PID:5128
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
                                                2⤵
                                                  PID:2612
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6188 /prefetch:8
                                                  2⤵
                                                    PID:932
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:4828
                                                  • C:\Users\Admin\Downloads\DanaBot.exe
                                                    "C:\Users\Admin\Downloads\DanaBot.exe"
                                                    2⤵
                                                    • Executes dropped EXE
                                                    PID:532
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 152
                                                      3⤵
                                                      • Program crash
                                                      PID:4596
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10178869790284337698,5171582831524023614,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1380 /prefetch:2
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:5976
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:1908
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:1036
                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3668 -ip 3668
                                                      1⤵
                                                        PID:5228
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 532 -ip 532
                                                        1⤵
                                                          PID:5136
                                                        • C:\Windows\System32\rundll32.exe
                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                          1⤵
                                                            PID:1708
                                                          • C:\Users\Admin\Downloads\DanaBot.exe
                                                            "C:\Users\Admin\Downloads\DanaBot.exe"
                                                            1⤵
                                                            • Executes dropped EXE
                                                            PID:5076
                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 152
                                                              2⤵
                                                              • Program crash
                                                              PID:4272
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5076 -ip 5076
                                                            1⤵
                                                              PID:3772

                                                            Network

                                                            MITRE ATT&CK Matrix ATT&CK v13

                                                            Initial Access

                                                            Execution

                                                            Persistence

                                                            Privilege Escalation

                                                            Defense Evasion

                                                            Credential Access

                                                            Discovery

                                                            Query Registry

                                                            1
                                                            T1012

                                                            System Information Discovery

                                                            1
                                                            T1082

                                                            Lateral Movement

                                                            Collection

                                                            Exfiltration

                                                            Command and Control

                                                            Web Service

                                                            1
                                                            T1102

                                                            Impact

                                                            Resource Development

                                                            Reconnaissance

                                                            Replay Monitor

                                                            Loading Replay Monitor...

                                                            Downloads

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                              Filesize

                                                              152B

                                                              MD5

                                                              5e2f0fe48e7ee1aad1c24db5c01c354a

                                                              SHA1

                                                              5bfeb862e107dd290d87385dc9369bd7a1006b36

                                                              SHA256

                                                              f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

                                                              SHA512

                                                              140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                              Filesize

                                                              152B

                                                              MD5

                                                              7e0880992c640aca08737893588a0010

                                                              SHA1

                                                              6ceec5cb125a52751de8aeda4bab7112f68ae0fe

                                                              SHA256

                                                              8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

                                                              SHA512

                                                              52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                              Filesize

                                                              3KB

                                                              MD5

                                                              64fae7031b743389daeabff991cd0705

                                                              SHA1

                                                              1271563b9bafab90b4e7a2980dca38f6a8b2a031

                                                              SHA256

                                                              e98b9181e4738b0fd61cdb0327836f5c6d22d67415251abba5dbb03f3f7925d8

                                                              SHA512

                                                              e3785bfdab4b0a3f3f12d9b660ce3b01cc121c75c6f8c78f200093bef8a50c8685e0280f9744c7f2c6b3854615fe317ed69fad7f3a2c13b0a586cc4a1b1350ce

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                              Filesize

                                                              111B

                                                              MD5

                                                              285252a2f6327d41eab203dc2f402c67

                                                              SHA1

                                                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                              SHA256

                                                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                              SHA512

                                                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              84c32081eed58a9fb705df8803476725

                                                              SHA1

                                                              ae01b6f28ed808226db71c0ec8aab692001e518c

                                                              SHA256

                                                              f17f31af677e87f9fab2b646b7257501d36fdf99a87b229193a26ba4d3fcd187

                                                              SHA512

                                                              98ffc6856d82fc92cd3d52b57544d6ab5641924202b0d48ade9cfc1fbbae35ecfb8b3215b1daebffa5bd5ad82c2081d64f334b3374f5d2ca5897d83067bcf1b5

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              6KB

                                                              MD5

                                                              7dd162ff3e5c9ec60bb5d855e4bcb5f9

                                                              SHA1

                                                              fee8bfaef79b75fc021ff6090a3bde7f8464be7d

                                                              SHA256

                                                              a6f5915c91fffb4deda9f78bef60878f99e0129d1ef89f833222059b6a74bb52

                                                              SHA512

                                                              a04cce28f9eef6e593f693d32bc5e461766d85e0aac7df1010172f9caf0498c67f7db0ccf1e5fa93f08c99792e451f3cac73bd957e56b38a0db2239308062324

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              9b2b49de34849e78ee1c28963979f87c

                                                              SHA1

                                                              804965d11b88e09c943d9cd6779976c1159a1c32

                                                              SHA256

                                                              da3bb2ad9bb019c14f548d61ee847ce2283726c37d7d321c3f86f0f4192a8bad

                                                              SHA512

                                                              16a2c25d39455d835bfbd931e27e75ea237de94f9b2dc11c6277c5fd1aaa2ebafb65a904d938f6efdb736960392840890be80d81bf3a716ce56465b1e42644bd

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              d73ea6b758ccf54ab50441dd9465fa57

                                                              SHA1

                                                              052fc8864c8206a48c373c987f60d3f0dad83158

                                                              SHA256

                                                              cbc3ae5cc06a20883e5b35875a232512b146768e0d2742fdf7df1a32d17c71a5

                                                              SHA512

                                                              4dc54f8ad33075140fa0671343a1045b4876c4c5dc4348f96d9793eb0fab72e38ae5d2daec6adca04f418bc9ada43c765fcac67bb9217dcb97685cba3515b43e

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              6KB

                                                              MD5

                                                              b5ff7e293d86739f3200893d35f2fd53

                                                              SHA1

                                                              c56adf7f6b37abf3c7e3309b46bab1427b9dfad8

                                                              SHA256

                                                              4c42d8267c5181bf48fbc3743697575dcaee953fb8bffbb42ef2c91b6255380d

                                                              SHA512

                                                              1689047423d62e347a30c4018683d2d253fee8a9af0b602bc69565d877886b57234f1ca4d18fb1f7b1b5f5e9ad2e30c2e624dc7eb0ba68f0f42e798c70e59fd5

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              6KB

                                                              MD5

                                                              2707afd884bfab2f3d9c6728db6ee6fd

                                                              SHA1

                                                              bcca949bcd87102dbbee6362e69f2beaf8111ac4

                                                              SHA256

                                                              5de7332fe2b1321b6f551cae0f9e0e0bc8e2f7016a39ce02c501bff63130a2a8

                                                              SHA512

                                                              b246523e312808798442da72989d1f42cfe707f6c780cd11299459a7ce1192034f25db8590e9472b71359395c714a7e6cbde858a8bb56555478ddbe440b2d78e

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                              Filesize

                                                              7KB

                                                              MD5

                                                              53db29a3b40e011253308296502dc22a

                                                              SHA1

                                                              adfafa907e3224ce8286ea3f7ad08c7beade6e7a

                                                              SHA256

                                                              2e6cc614cd2cd6df172f8ccc57743d2af17910eb68ed3bec62d87a40522a5f02

                                                              SHA512

                                                              69ea4d89da2985f0d89e44eb7c3ba06752e6aec65a0c9ee1b98f5bac7b6f3bcd9551813022902a2ca491e1f8ab2c883590031013f5e778deae03671167838f5b

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              8f18e0b4abed9fdfe8026b9ce902ad36

                                                              SHA1

                                                              eb5f59526b678c1c127e6fc002f8e552e65f69a6

                                                              SHA256

                                                              42cb07c7ac4cbd66311e6ba1ed47faaf3ef9b8d957e10b3291575ad70e03e27f

                                                              SHA512

                                                              fc56f429ea90d24e42836492810a5c553298b706c0e7b36705daf001f3c3d54678d472f43c92033749c932a7fc2a786a79cb66ca73d4a08f8251eff26da704e7

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              ccd4bd8098aefb0672825e0e0db65f57

                                                              SHA1

                                                              e6e412ad8c555d3dafccf2eb116ea13455f2e594

                                                              SHA256

                                                              d706f9e78aaf2bced62e856d12a36d40df9354ab3ee2332bf510c5a112003558

                                                              SHA512

                                                              6e86663241713ab16f2d34796b9334aece9126658e99186defc84cdc27fd9b2f71f299d89cfaa35d6d5dadaddd705da3b55b4720f50b55b820ef9a266fc57e43

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              6ad485a43f8caaa96a910ca5cf193a1f

                                                              SHA1

                                                              d2f032b5b60e0749838c80ad86c6507e785ba76d

                                                              SHA256

                                                              090b6fea014cf092c38e96cdc2473f9ea44a698f4ef9c197c14704392fc3bf3f

                                                              SHA512

                                                              d4d7ccea06cc195835f3d11be7e2f13654d77e2a5c1c4d2cd604ba6897a1c15f5ceb5612a0d304c9cf2047a75f01358169f6421418119f49d5ad0a95623c7346

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              cdb78dea8058f04d4a361faa2aec5dac

                                                              SHA1

                                                              1403254a3598ec092425f9ae9bb48e1da2338137

                                                              SHA256

                                                              d16f6c4479c2d57501514d448b1acff423c8459cf6920a686b772b08a666a18e

                                                              SHA512

                                                              7e1601b268a8fab19df814b2e9743b2bc9ca4ec0da356949f36e5a8c999d457fd49fd1da39e009d95923cd00a7a506aae55e71542f6b813359c61fcd82f440c2

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                              Filesize

                                                              1KB

                                                              MD5

                                                              4d0d3ea44fba4980a0230dfb75e794d9

                                                              SHA1

                                                              be88ad656857533e3fee1d5278faadf131fb07d7

                                                              SHA256

                                                              bd4df628af284068d7b303fa5250e405a9175c380b6f0c7392b2755e4eb82a53

                                                              SHA512

                                                              74cc4771a4cbddf316f9e1bad3472b25d20049d699317a7eb10fdcb1bf0bccc40dabedd8b374b25b71c01b42fcb0fbf1cfdfe38f3d876c81b0cb8507ef121993

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e5ad.TMP
                                                              Filesize

                                                              538B

                                                              MD5

                                                              ed16798b982c6c4dc338613da36def3e

                                                              SHA1

                                                              40fcfa5d49a1e5c7522858c0c9250dfe8e82bdf1

                                                              SHA256

                                                              2f3d30ef1b1325a7da620654de6e7c0d972ef89d374ddc0c42233f98ec50f79e

                                                              SHA512

                                                              cbd5594c504a0da21c46135804d4ba69d2520365642ee21decc88073150130dd411faaf3d6864ff08ee8c40114ac9f800f338fc4804154de0408ae9d2d214338

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                              Filesize

                                                              16B

                                                              MD5

                                                              206702161f94c5cd39fadd03f4014d98

                                                              SHA1

                                                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                              SHA256

                                                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                              SHA512

                                                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                              Filesize

                                                              16B

                                                              MD5

                                                              46295cac801e5d4857d09837238a6394

                                                              SHA1

                                                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                              SHA256

                                                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                              SHA512

                                                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              12KB

                                                              MD5

                                                              d63004f5ae6ad68d08a7550c1726a58b

                                                              SHA1

                                                              fe3e60d95f85a9bda7f3584ca86da4ac7f414709

                                                              SHA256

                                                              523a8863378b9aff9cd6a7c033b06bb4a9ddbb821cdd7c0601439e1e1303fba4

                                                              SHA512

                                                              a4aba8f7b2ef591e64afc2e202abb056f3212f822c7b15670c16772191563a60514855c8e19cb188de934fdde7a2250be6fc4108c991b78dbbe89232b55abe21

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              12KB

                                                              MD5

                                                              03c8160fb0256f135477dbc453ae600c

                                                              SHA1

                                                              7559b11123fd2d35eb624b555cf8ff4b83cac50e

                                                              SHA256

                                                              5580be9c5a32841bfc3c002f62e604076c36a7985e2742bf4b297087dac00dd0

                                                              SHA512

                                                              74bb1b011c1c4f42ead905a6416cfa9fde8448e9f96b870cbc7663857c000d73aa6b3bed49b35eede27fa93510d1183295c070990f9abadc3230f294a3f4e2bc

                                                              Download Submit
                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                              Filesize

                                                              11KB

                                                              MD5

                                                              b92e10593bb0da5f0637636b2057efd2

                                                              SHA1

                                                              1c4a01b8ed1731521a3c49bd823a68f290ebabd9

                                                              SHA256

                                                              ba0ba4de4edefc9a24e98861be50fdede64658b2e65789b7a4de6c47a4f9779e

                                                              SHA512

                                                              309b26fe39eb117c6c8846377e75715e1ed76edb02dfe9a652eb8a4125187e5f3dea53d33ea76b85f33673572655020a4eae066a4e598fb8968bd70d46ae8c26

                                                              Download Submit
                                                            • C:\Users\Admin\DOWNLO~1\DanaBot.dll
                                                              Filesize

                                                              2.4MB

                                                              MD5

                                                              7e76f7a5c55a5bc5f5e2d7a9e886782b

                                                              SHA1

                                                              fc500153dba682e53776bef53123086f00c0e041

                                                              SHA256

                                                              abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

                                                              SHA512

                                                              0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

                                                              Download Submit
                                                            • C:\Users\Admin\Downloads\Unconfirmed 927076.crdownload
                                                              Filesize

                                                              2.7MB

                                                              MD5

                                                              48d8f7bbb500af66baa765279ce58045

                                                              SHA1

                                                              2cdb5fdeee4e9c7bd2e5f744150521963487eb71

                                                              SHA256

                                                              db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

                                                              SHA512

                                                              aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

                                                              Download Submit
                                                            • \??\pipe\LOCAL\crashpad_2408_UHHDQHFCKMNYQVFP
                                                              MD5

                                                              d41d8cd98f00b204e9800998ecf8427e

                                                              SHA1

                                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                              SHA256

                                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                              SHA512

                                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                              Download Submit
                                                            • memory/532-651-0x0000000002770000-0x00000000029EB000-memory.dmp
                                                              Filesize

                                                              2.5MB

                                                              Download
                                                            • memory/532-662-0x0000000000400000-0x0000000000AAD000-memory.dmp
                                                              Filesize

                                                              6.7MB

                                                              Download
                                                            • memory/532-652-0x0000000000400000-0x0000000000AAD000-memory.dmp
                                                              Filesize

                                                              6.7MB

                                                              Download
                                                            • memory/3668-603-0x00000000029B0000-0x0000000002C3D000-memory.dmp
                                                              Filesize

                                                              2.6MB

                                                              Download
                                                            • memory/3668-592-0x0000000000400000-0x0000000000AAD000-memory.dmp
                                                              Filesize

                                                              6.7MB

                                                              Download
                                                            • memory/3668-591-0x00000000029B0000-0x0000000002C3D000-memory.dmp
                                                              Filesize

                                                              2.6MB

                                                              Download
                                                            • memory/3668-602-0x0000000000400000-0x0000000000AAD000-memory.dmp
                                                              Filesize

                                                              6.7MB

                                                              Download
                                                            • memory/3668-590-0x0000000002720000-0x00000000029A8000-memory.dmp
                                                              Filesize

                                                              2.5MB

                                                              Download
                                                            • memory/5076-678-0x0000000002710000-0x000000000298D000-memory.dmp
                                                              Filesize

                                                              2.5MB

                                                              Download
                                                            • memory/5076-679-0x0000000000400000-0x0000000000AAD000-memory.dmp
                                                              Filesize

                                                              6.7MB

                                                              Download
                                                            • memory/5076-682-0x0000000000400000-0x0000000000AAD000-memory.dmp
                                                              Filesize

                                                              6.7MB

                                                              Download
                                                            • memory/5444-597-0x0000000002240000-0x00000000024AB000-memory.dmp
                                                              Filesize

                                                              2.4MB

                                                              Download
                                                            • memory/5444-598-0x0000000000830000-0x0000000000831000-memory.dmp
                                                              Filesize

                                                              4KB

                                                              Download
                                                            • memory/6088-626-0x0000000002600000-0x000000000286B000-memory.dmp
                                                              Filesize

                                                              2.4MB

                                                              Download
                                                            • memory/6088-601-0x0000000002600000-0x000000000286B000-memory.dmp
                                                              Filesize

                                                              2.4MB

                                                              Download
                                                            • memory/6088-672-0x0000000002600000-0x000000000286B000-memory.dmp
                                                              Filesize

                                                              2.4MB

                                                              Download