Overview
overview
7Static
static
1URLScan
urlscan
https://llective65.d...
windows10-1703-x64
4https://llective65.d...
windows7-x64
1https://llective65.d...
windows10-2004-x64
1https://llective65.d...
windows11-21h2-x64
1https://llective65.d...
android-10-x64
7https://llective65.d...
android-11-x64
7https://llective65.d...
android-13-x64
7https://llective65.d...
android-9-x86
7https://llective65.d...
ubuntu-20.04-amd64
4Analysis
-
max time kernel
59s -
max time network
59s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
15-05-2024 12:30
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://llective65.de/invite/i=63719
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
https://llective65.de/invite/i=63719
Resource
win7-20231129-en
Behavioral task
behavioral3
Sample
https://llective65.de/invite/i=63719
Resource
win10v2004-20240426-en
Behavioral task
behavioral4
Sample
https://llective65.de/invite/i=63719
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
https://llective65.de/invite/i=63719
Resource
android-x64-20240514-en
Behavioral task
behavioral6
Sample
https://llective65.de/invite/i=63719
Resource
android-x64-arm64-20240514-en
Behavioral task
behavioral7
Sample
https://llective65.de/invite/i=63719
Resource
android-33-x64-arm64-20240514-en
Behavioral task
behavioral8
Sample
https://llective65.de/invite/i=63719
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral9
Sample
https://llective65.de/invite/i=63719
Resource
ubuntu2004-amd64-20240508-en
General
-
Target
https://llective65.de/invite/i=63719
Malware Config
Signatures
-
Drops file in Windows directory 4 IoCs
Processes:
MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exedescription ioc process File opened for modification C:\Windows\Debug\ESE.TXT MicrosoftEdge.exe File created C:\Windows\rescache\_merged\3720402701\1568373884.pri MicrosoftEdge.exe File created C:\Windows\rescache\_merged\3720402701\1568373884.pri MicrosoftEdgeCP.exe File created C:\Windows\rescache\_merged\3720402701\1568373884.pri MicrosoftEdgeCP.exe -
Processes:
browser_broker.exeMicrosoftEdgeCP.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main browser_broker.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main MicrosoftEdgeCP.exe -
Modifies registry class 64 IoCs
Processes:
MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ab7f07d3c3a6da01 MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 805e07d3c3a6da01 MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\llective65.de\NumberOfSub = "0" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 80acc5ed35c7da01 MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{DF918DDC-FB07-4440-A431-1C3361A31D10} = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e00325dac3a6da01 MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e9e009d3c3a6da01 MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 500555bfc3a6da01 MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = f4a8a0c4c3a6da01 MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\llective65.de MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore MicrosoftEdge.exe -
Suspicious behavior: MapViewOfSection 4 IoCs
Processes:
MicrosoftEdgeCP.exepid process 4160 MicrosoftEdgeCP.exe 4160 MicrosoftEdgeCP.exe 4160 MicrosoftEdgeCP.exe 4160 MicrosoftEdgeCP.exe -
Suspicious use of AdjustPrivilegeToken 10 IoCs
Processes:
MicrosoftEdgeCP.exeMicrosoftEdgeCP.exedescription pid process Token: SeDebugPrivilege 4464 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4464 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4464 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4464 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 504 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 504 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 504 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 504 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 504 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 504 MicrosoftEdgeCP.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exepid process 4540 MicrosoftEdge.exe 4160 MicrosoftEdgeCP.exe 4464 MicrosoftEdgeCP.exe 4160 MicrosoftEdgeCP.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
MicrosoftEdgeCP.exedescription pid process target process PID 4160 wrote to memory of 504 4160 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 4160 wrote to memory of 504 4160 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 4160 wrote to memory of 504 4160 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 4160 wrote to memory of 504 4160 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe
Processes
-
C:\Windows\system32\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://llective65.de/invite/i=63719"1⤵PID:2192
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4540
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:2664
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4160
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4464
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:504
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:2584
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157Filesize
4KB
MD51bfe591a4fe3d91b03cdf26eaacd8f89
SHA1719c37c320f518ac168c86723724891950911cea
SHA2569cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA51202f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xmlFilesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3G5PGBGK\favicon-32x32[1].pngFilesize
1KB
MD598b614336d9a12cb3f7bedb001da6fca
SHA180e6b1159707dd27cccd335831483617a77c9e1b
SHA25602f64bb479a7bd0d7ad052123fcce9c7daf6200f9fb4dccdf5337dbe6968b2a8
SHA512f7dda16b2f1d6b27ba52e4694153a1230a176cdd1e1084a1575d9227c433713b47cdc58c5ea94b04d10e8a3515ff9a2e84beae757271974e1c66be7ee8acd1ae
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3TY4SLSU\favicon[1].htmFilesize
3KB
MD54d42a8cd6f8c451a74f732cf6ec72be1
SHA1578583b49c35515831dffbd933279213ef5d4f72
SHA2560b0128523d58a22cd43c979bfbbb0d87f37ff459ea62a91fc060757cf7715e52
SHA51296cb39782e0f03181ae9400f2a26c53b38612b175285aefac3b4fc776090cfacfe43918539f04bef0f7164ff70681cbb371d888804aa2f8ea2e91c7d2cd933b2
-
memory/504-296-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-307-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-76-0x000001AE5A6C0000-0x000001AE5A6C2000-memory.dmpFilesize
8KB
-
memory/504-74-0x000001AE5A6A0000-0x000001AE5A6A2000-memory.dmpFilesize
8KB
-
memory/504-123-0x000001AE6BB40000-0x000001AE6BB60000-memory.dmpFilesize
128KB
-
memory/504-125-0x000001AE6BCA0000-0x000001AE6BCC0000-memory.dmpFilesize
128KB
-
memory/504-305-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-308-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-59-0x000001AE5A800000-0x000001AE5A900000-memory.dmpFilesize
1024KB
-
memory/504-309-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-310-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-295-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-300-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-294-0x000001AE6BEA0000-0x000001AE6BEA2000-memory.dmpFilesize
8KB
-
memory/504-301-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-302-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-303-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-304-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-306-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/504-71-0x000001AE5A670000-0x000001AE5A672000-memory.dmpFilesize
8KB
-
memory/504-311-0x000001AE5A680000-0x000001AE5A690000-memory.dmpFilesize
64KB
-
memory/4464-42-0x000001B2221C0000-0x000001B2222C0000-memory.dmpFilesize
1024KB
-
memory/4540-16-0x000002634EE20000-0x000002634EE30000-memory.dmpFilesize
64KB
-
memory/4540-272-0x0000026355450000-0x0000026355451000-memory.dmpFilesize
4KB
-
memory/4540-271-0x0000026355440000-0x0000026355441000-memory.dmpFilesize
4KB
-
memory/4540-35-0x000002634E0B0000-0x000002634E0B2000-memory.dmpFilesize
8KB
-
memory/4540-0-0x000002634ED20000-0x000002634ED30000-memory.dmpFilesize
64KB