hxxps://www[.]mediafire[.]com/file/5emsm2zk7hp49rr/funy[.]zip/file

Analysis

max time kernel
1031s
max time network
1047s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 19:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/5emsm2zk7hp49rr/funy.zip/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596719151374388"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{28D80873-F0DE-4764-9FFC-B6CA49CB344D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
656	chrome.exe
656	chrome.exe
5336	msedge.exe
5336	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3448	7zFM.exe
4156	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
656	chrome.exe
656	chrome.exe
656	chrome.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

description	pid	Process
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeShutdownPrivilege	656	chrome.exe
Token: SeCreatePagefilePrivilege	656	chrome.exe
Token: SeRestorePrivilege	3448	7zFM.exe
Token: 35	3448	7zFM.exe
Token: SeSecurityPrivilege	3448	7zFM.exe
Token: SeRestorePrivilege	4156	7zFM.exe
Token: 35	4156	7zFM.exe
Token: SeSecurityPrivilege	4156	7zFM.exe
Token: SeSecurityPrivilege	4156	7zFM.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
3448	7zFM.exe
3448	7zFM.exe
3448	7zFM.exe
3448	7zFM.exe
4156	7zFM.exe
4156	7zFM.exe
4156	7zFM.exe
4156	7zFM.exe
4156	7zFM.exe
4156	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe
656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 1812	656	chrome.exe	96
PID 656 wrote to memory of 1812	656	chrome.exe	96
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 4344	656	chrome.exe	98
PID 656 wrote to memory of 1776	656	chrome.exe	99
PID 656 wrote to memory of 1776	656	chrome.exe	99
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100
PID 656 wrote to memory of 1948	656	chrome.exe	100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/5emsm2zk7hp49rr/funy.zip/file
1⤵
PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7fffa5b79758,0x7fffa5b79768,0x7fffa5b79778
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1896,i,16603785500215045188,7964578470736708316,131072 /prefetch:2
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1896,i,16603785500215045188,7964578470736708316,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1896,i,16603785500215045188,7964578470736708316,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3236 --field-trial-handle=1896,i,16603785500215045188,7964578470736708316,131072 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1896,i,16603785500215045188,7964578470736708316,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4716 --field-trial-handle=1896,i,16603785500215045188,7964578470736708316,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1896,i,16603785500215045188,7964578470736708316,131072 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1896,i,16603785500215045188,7964578470736708316,131072 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1896,i,16603785500215045188,7964578470736708316,131072 /prefetch:8
  2⤵
  PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1408 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4852 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:3416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4612 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:4516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5860 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=5996 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=3288 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6224 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6532 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6396 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6564 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6248 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=5564 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=6952 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=4896 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7540 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7540 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=7544 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7fff9f0a2e98,0x7fff9f0a2ea4,0x7fff9f0a2eb0
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2224 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2352 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2488 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4368 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4368 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4624 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=560 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4620 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3208 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3860 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3788 --field-trial-handle=2228,i,4283427029301798284,11090670043153498463,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3656

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\funy.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3448

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\funy.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
705B

MD5
c15e2a04394f587aca576373fabe8e54

SHA1
eadf60f57f48f615bb9b89d48908c3b28fe13861

SHA256
731a75d48f4f905ddf779267bc62a686f2d9a9cea574254854301a18b9278f29

SHA512
822b12a96eedd1b98f943628bfbe01867c889d19153b5e5bf2f205b590b3a8411bae07b73abe3b6ded25fb94b1edb82fd293277cccd55a6a7fababc23f3fbd18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
cd516e44f1f5f3973721850e48dcd65c

SHA1
bcd2dee283e1706176741b289c0bec500c584d8a

SHA256
00f81571a561de64ee65c37bd92711bb2161b0af1afb6c575b4cacd3a764e423

SHA512
411b754dc52412cc7b2cbd5c44b2435781961f462ef95ce5048902af09308fe4d431388461a66706d83ccfaff121e0feeb9eec04d6d798fb0bef769a3c7abf15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
58f5db48794f8099e63dd134dbd63dcd

SHA1
843af7ee9dbd5bf095d87e377480c73a0c1dae3d

SHA256
00a8d279fad6c4ad5e0e5a90e5add3f1b448e1d71fcbcb4f6199654df0dbdd86

SHA512
74c2d7e89c9497719bbb20c811df06f369abc565f0da258cf975abc972dce9e499f955afa91da6d5da4c3b31309ac96cec07583b33a48e54a5371115b4a20258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
265KB

MD5
aed7a3fca2f7ab803b104f5bc464ebab

SHA1
a90de3a37027b120f4ea77607e6d5f431afb1fa2

SHA256
2f783486a7914281b0c8e3adbf5d6e79f536779bbe19d37d75150c0cc8c05be4

SHA512
7522993c5bdde57f9d6c7b8ae167c59439ad703481200b8aba0cfb8bb7074cdeecaca1f0cefd45f10a103929fb0091b6d3984fdcc21be645dc78589598eeb327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
a4be9159180ef50056118ae1c060c772

SHA1
0805d90222282a205c0e83b0849a266289aba21a

SHA256
3c11bbe16c75203531cd4ef0e1fc32f76a8f354215276147ac345b990fc76ba0

SHA512
c22b81b3ef81188d5dbde8e3ae5768064daeee9d08f149bac62503997d8219a14ef71a61d1a07bd6d0c68a240de20972bd39840104b21cb123112accf19c24cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4d2d4e6e-5d7c-4b1c-9550-f30cc53e0cdd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
e443c890fdbef640262e72aa69976c31

SHA1
f28fab17ebb03b44c1047f0d7f950ac44217ce1a

SHA256
b9513c1e07181060f9c435a2e2c232c3fc60cf1aa5d37ca12c3248d17e0d7487

SHA512
c234f0684e6ab5a7518b9c7d2da9f4510fb3996525ec81f4c3c80c81f4030cce649a24171ecbdcb6012fba1d567920fc6686f97948dd3306050c1dfbea1aae7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
a1cf9b5544b7b1a95f40ac824d022966

SHA1
26e46be81d9550330766643188958b45b900d811

SHA256
916ffc1f145ee4fef6d9c1f5e4761a0135054f69cb91f607ca4031fe74238f03

SHA512
72b9c50226cbdb74713bea6e979fe9e115c36858a2ea64aaaa47ed3a490e72da9126b07bb0f424601f5a924cb3ef4b022813910234650a687562e4aba993f0a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
43d923566b06aa9efe66d34708357610

SHA1
5a42fee35e6f5693450238e9095f946c6db2f4c2

SHA256
58a6e84caf7a283cc31dd5e292ae2facf350f81b50f4bf8aeba5fdf3150d8a12

SHA512
f13a684def993ef2f79dd693ab7dfc2ec91d032132086ce6c1967b4e02b9919b0de2ffd2b8c42ebbbeafe7f2210e17e78fef990db7db3c2f472d110be4b35288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
2e7cbd85bce742ea649c90fb4132a70e

SHA1
9923f44f140b80fff511af8a13fdf8a928bd369f

SHA256
3dce988795e7d12650664c6b4b29264881b670439cdd4ed946484f2fcd14f3ba

SHA512
27d1896c8de123c923000b4326eef40946e7f9412fe1a767fd3ffaeef7297788f61ccf4f67461a94de18e1818f1355aceaec44af63edd6bdf05346382a3f9ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
50c2e62c49cb72b4b99342c5722623b2

SHA1
81f572dccebdce4790b059d05171cfaa626a43c3

SHA256
60ceaa9c8b7aa151b0b9d53e4fba65ef818082ee621a0fe67710c88a36685ffa

SHA512
2bdba64a4679ebdcc1c4e78bf4fe157c9dc2ad1489ca6374903294fb3a71499a989473ff3608f03ce5dd01de5972453f6c9fae4201f456954b7290c899feb593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
f97b024f89c8d935d3c60ddb3179f4a7

SHA1
1da92e34743e8ebc9b25d428f229fc6048b6ce8e

SHA256
bfed67eb0c726dae725b6bade41db7dcd3b90435d0380ce7a643a692decd0e1c

SHA512
a57c94b5a8d4f01a9b3a683db0b9fb33f3540d434848695430417a96ec000bde0284fd6f05bf4cf8b51eaaa8ceb4f71cb556c03a5b3eb5fe8f3f3c93b6a37135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
73KB

MD5
953b8c330caf3b3807a75f0d07dbeac7

SHA1
89c3ff09d2b979b6aa0c8041db3f07cbee170db0

SHA256
cabebf423f17eaa7adbc5f3123ca514a4752858ba4e0d73d78cff62032fad274

SHA512
8cf5d672131e6fef2c90778fb181f4bda1cc26b2dcf9195e3844f8d8a84028a5657a88448fe73eb550a74e609c2de5f92b50b0794d19825b5286d95d80fff6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a0b858a8-c58b-4e9a-adc4-041dd7088db6.tmp

Filesize
63KB

MD5
c31ba1a14e21ea1f787f5b07c39145dd

SHA1
3050678961e9145e6d7e40b85632d7c676241292

SHA256
e9447824f8731ecd053b43e7792954be60c4a9b50c37efe28fe530034e04e522

SHA512
3b50cdaefb583b0c7d9b549cb353539b52fed4b85e33fc7235116381a0871a337f83a965a8625ed4843549f737986d034761606fff20edc5ca950b539dd34da6

Download Submit