aafa55831b65c06f4c8e1f3037364862b05c8518ebb7506b826b3e5f71a79b84

Analysis

max time kernel
150s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dig Or Die V0.046.exe
Size

4.2MB
MD5

34e0da6d8448ea13404f35e8c77da607
SHA1

a4bcc0276388057bbb8639634ee2d71cc29b67ed
SHA256

d31a71fe8d11734649f71a1769463a9eafdbfa2df368f318b5f9a13eadad542c
SHA512

c52d187a74333db954e66cd6000a66d010db60142c88e07dfcc429c2f3790da69dde7a963927ad3174dd2496222b4bdd9fba05ddf2d1fde64fa9771533a90926
SSDEEP

98304:tL8q/Zc/BYrge6/Bev98bt3YGJxpwZMtQAtgU5:tRIyZ6Zev98x3JfEfa5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Dig Or Die V0.046.exeDig Or Die V0.046.exe

pid process

2584 Dig Or Die V0.046.exe
2320 Dig Or Die V0.046.exe
Loads dropped DLL 2 IoCs

Processes:

Dig Or Die V0.046.exe

pid process

2320 Dig Or Die V0.046.exe
2320 Dig Or Die V0.046.exe

pid	process
2584	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe

Drops file in System32 directory 44 IoCs

Processes:

Dig Or Die V0.046.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\RPCRT4.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\gdi32full.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\uxtheme.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\apphelp.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\ws2_32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\version.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\bcryptPrimitives.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\PROPSYS.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\GDI32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\msvcrt.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\SHLWAPI.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\opengl32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\hhctrl.ocx	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\shfolder.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\profapi.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\MSCTF.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\shell32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\msimg32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\kernel.appcore.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\Wldp.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\TextShaping.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\KERNELBASE.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\oleaut32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\sechost.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\shcore.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\psapi.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\winmm.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\ucrtbase.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\user32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\win32u.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\advapi32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\wsock32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\windows.storage.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\ntdll.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\KERNEL32.DLL	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\msvcp_win.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\combase.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\ole32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\comdlg32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\imagehlp.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\imm32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\GLU32.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\clbcatq.dll	Dig Or Die V0.046.exe
File opened for modification	C:\Windows\SysWOW64\explorerframe.dll	Dig Or Die V0.046.exe

Drops file in Windows directory 1 IoCs

Processes:

Dig Or Die V0.046.exe

description	ioc	process
File opened for modification	C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll	Dig Or Die V0.046.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Dig Or Die V0.046.exemsedge.exemsedge.exe

pid	process
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
3388	msedge.exe
3388	msedge.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
3736	msedge.exe
3736	msedge.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe
2320	Dig Or Die V0.046.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3736 msedge.exe
3736 msedge.exe
3736 msedge.exe
3736 msedge.exe
3736 msedge.exe
3736 msedge.exe
3736 msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

Dig Or Die V0.046.exe

description	pid	process
Token: SeDebugPrivilege	2320	Dig Or Die V0.046.exe
Token: SeLoadDriverPrivilege	2320	Dig Or Die V0.046.exe
Token: SeCreateGlobalPrivilege	2320	Dig Or Die V0.046.exe
Token: 33	2320	Dig Or Die V0.046.exe
Token: SeSecurityPrivilege	2320	Dig Or Die V0.046.exe
Token: SeTakeOwnershipPrivilege	2320	Dig Or Die V0.046.exe
Token: SeManageVolumePrivilege	2320	Dig Or Die V0.046.exe
Token: SeBackupPrivilege	2320	Dig Or Die V0.046.exe
Token: SeCreatePagefilePrivilege	2320	Dig Or Die V0.046.exe
Token: SeShutdownPrivilege	2320	Dig Or Die V0.046.exe
Token: SeRestorePrivilege	2320	Dig Or Die V0.046.exe
Token: 33	2320	Dig Or Die V0.046.exe
Token: SeIncBasePriorityPrivilege	2320	Dig Or Die V0.046.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

Dig Or Die V0.046.exemsedge.exe

pid	process
2320	Dig Or Die V0.046.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Dig Or Die V0.046.exeDig Or Die V0.046.exeDig Or Die V0.046.execmd.exemsedge.exe

description	pid	process	target process
PID 3096 wrote to memory of 2584	3096	Dig Or Die V0.046.exe	Dig Or Die V0.046.exe
PID 3096 wrote to memory of 2584	3096	Dig Or Die V0.046.exe	Dig Or Die V0.046.exe
PID 3096 wrote to memory of 2584	3096	Dig Or Die V0.046.exe	Dig Or Die V0.046.exe
PID 2584 wrote to memory of 2320	2584	Dig Or Die V0.046.exe	Dig Or Die V0.046.exe
PID 2584 wrote to memory of 2320	2584	Dig Or Die V0.046.exe	Dig Or Die V0.046.exe
PID 2584 wrote to memory of 2320	2584	Dig Or Die V0.046.exe	Dig Or Die V0.046.exe
PID 2320 wrote to memory of 3308	2320	Dig Or Die V0.046.exe	cmd.exe
PID 2320 wrote to memory of 3308	2320	Dig Or Die V0.046.exe	cmd.exe
PID 2320 wrote to memory of 3308	2320	Dig Or Die V0.046.exe	cmd.exe
PID 3308 wrote to memory of 3736	3308	cmd.exe	msedge.exe
PID 3308 wrote to memory of 3736	3308	cmd.exe	msedge.exe
PID 3736 wrote to memory of 3536	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 3536	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 5036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 3388	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 3388	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4036	3736	msedge.exe	msedge.exe
PID 3736 wrote to memory of 4036	3736	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Dig Or Die V0.046.exe
"C:\Users\Admin\AppData\Local\Temp\Dig Or Die V0.046.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3096

C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\Dig Or Die V0.046.exe
"C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\Dig Or Die V0.046.exe" -ORIGIN:"C:\Users\Admin\AppData\Local\Temp\"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\extracted\Dig Or Die V0.046.exe
"C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\extracted\Dig Or Die V0.046.exe" "C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\extracted\CET_TRAINER.CETRAINER" "-ORIGIN:C:\Users\Admin\AppData\Local\Temp\"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2320

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c start http://mrantifun.net/
4⤵
- Suspicious use of WriteProcessMemory
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mrantifun.net/
5⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b1a246f8,0x7ff8b1a24708,0x7ff8b1a24718
6⤵
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
6⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
6⤵
- Suspicious behavior: EnumeratesProcesses
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
6⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
6⤵
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
6⤵
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
6⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
6⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
6⤵
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
6⤵
PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
6⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
6⤵
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
6⤵
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9576579694641543012,6408312281857011476,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
6⤵
PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f8ea647715707faa4d52c31ff1065799

SHA1
f4c1559c67d011a386ccb4f93ef51ebd0d332627

SHA256
0ea4d72181efc9159641589baf993278f2d26530ceab1125361452d27ca7e5b7

SHA512
2bf448ae09f38b1fd40b4d148cceb840f06b41585c432eccbb0f8a117b6144fdfd2f7cb37ffb6766bc022dc535059922fde0cebf138835c33de3da35289008c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
668B

MD5
68c7a4f8b6f2a0a15b3ff9ff06a6df72

SHA1
af47b4130c2a7429f62ab05129c2586faa8a1601

SHA256
5a675e1673c1101cf98eaa269db79535022730b212a7a0f5d63d616766d78e5b

SHA512
9c3c3d13847c1b5dc57dad6ea25aa744d9f523bfbb241f92f83139738a0ded7f8b980900cb1882965071b1c50500f6e151406097bc2397b1d67de1fdb74594b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02f66f600397fd375d16611b5aa38f9d

SHA1
ba4d27694b4bcbc42b402dac01da5a4852315aae

SHA256
d50fb7c705d8a325e2f4d0659a66e128061ae6f621360a6f65d32cd8e14c95f8

SHA512
fbf9d42785e2f6f3ab2b44a4157474dd2b8dccb738aed8ecd588790ca97e797cbbe84427aaacc9bd1f25832b457ccbf3cdd134ba52d88eb73d61a8f1172dca26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a742048cb8ed54ddf59ce49f6d6e955

SHA1
e27309cbc020339b1e789142d1195bb1c729c7d7

SHA256
977c7dbb6780111ea22436891317509430449274fa9ff017e00a4814c47c04d4

SHA512
0022d1c915d5ba1103598b18116b7b736958ee1d8d4939d634195d804f050a34b534ae979568e4d203de8acf8eea4687ac7e8e3ef0f97f446f2284e77168f5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a3d7833f108992ee05ac47ddc9f1b240200bcf4a\43850fd4-1859-406c-8cf6-0bb028bf4794\index-dir\the-real-index

Filesize
72B

MD5
a3a9d7e1c13bb443799e2904ded14a08

SHA1
0bde1f830fc8f6f520a9fb7b8f7168515b76ed22

SHA256
7c354a108bfc2ffa27ce172640c022b6ebe48fdfeaef1d9578929a3f13bc71d4

SHA512
c1bcaaeef4f9e0632c7930a897dbbe53e4beee7effd3d5f15e39fc33dd46c1b1a56ba612f5fe288fa9aa547a86ba9dd63a9369a939370303d8e2a40f7f80ae75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a3d7833f108992ee05ac47ddc9f1b240200bcf4a\43850fd4-1859-406c-8cf6-0bb028bf4794\index-dir\the-real-index~RFe57b44c.TMP

Filesize
48B

MD5
cf30410e2515300a6d90a6950fc4064b

SHA1
798ea934ab45d8d1fde543913e8014de5dfba131

SHA256
5ed415de7fc78b8448fba98e51d4ff65b978b2dce466e45758c84278b407ae7b

SHA512
5c67553ec74d216bdc8bc33238150c96fdcf8ca7fb7efc9f109479237c221b935a494bc21347e16b7ac0341235ab9fc741ff05b1448c5112cd168db427d66a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a3d7833f108992ee05ac47ddc9f1b240200bcf4a\index.txt

Filesize
89B

MD5
b41656b9ae054bf11855c7f55586eb8f

SHA1
d4e50764ab2404e5f34c27648a355ca85ed3b8a5

SHA256
fcc42e6e1fb5c7074d3a85e79fa189166d65ca6aac74b83a60f360cbd8617047

SHA512
876b2f4d61615de8f94dd70cf9713820e8b43d0e0cb68bf0ec792ce22fe625fc4d75fec7dfa9524e3fe80b5ce3b9c59078e6d89035ebda34c9bb90b2744fab6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a3d7833f108992ee05ac47ddc9f1b240200bcf4a\index.txt

Filesize
83B

MD5
ed9e4f8bdfa14d43202c937e96179faa

SHA1
6ff3ca092a099ec68dda57c3b84e4c0a7866dfef

SHA256
1a03b686c915dde286e7896d14e0fa63c0794bc9d26081822548e371cc7175fb

SHA512
ab8675b94bc2c708c8e10b02b5e4c1e4615aab4b13cdf381b7b671d569edc114d96fdf0bb4cfdb720c49e149b5273f57d0ee360583c77552512de87e74f028e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7ba9bc4f99cca23112893be12388028c

SHA1
de1b964e70454381f32155b84c8d381cd21eb309

SHA256
02303c7f0fbb4db5a2984cbfa0257676e407870cbf1467b10c024d9d79c8e63f

SHA512
1c696986778fc3edd0d925db0969a268cd189dd2da50d426cb4b6f6ea7f8fc8c83932a0762eb9a71df5f9b747ef3a123c999eb8b52ee52241945e87e056825c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b323.TMP

Filesize
48B

MD5
e7575746330191e301bbbcc42f5f14dd

SHA1
7c806fc8c60f3498b14988858ef62d2069096d6b

SHA256
bc09c0f84307ecfbe514ebbcab535b6a1a2e0da53837aceb15e2d4fc1019f2b5

SHA512
cfb7ad659026b806be3aaaee2db1a156a21bfa851eb7884fa840ad1121e96ea81355795a66eac14605a16eb93aa1ffb20fb7915b107472302f1ff7901be78ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b8dcb738c165770eb782fcc263ccad12

SHA1
dcfb021f99c314511005a79690d7d9c580d9e058

SHA256
58f19a9cddba42079d1475ff46a3570f0dfbc68ac6ec57aea257ed3989afb1b5

SHA512
79a64e760c21422658fd17b4bca350bf21962186a95446c256f703b0c1afba9e30b62be7a3bcc398c4bcd7839c495c0da0819776db8c80890beee02bda80778d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\CET_Archive.dat

Filesize
3.9MB

MD5
613c158c0a58e83bfe37584ab4f55fc4

SHA1
3e958a7f4aa3b43617feed5e1de147f20c9f39d3

SHA256
223a21a3f2f0755c4882af5f0ad8d4f920ebd9dfaa382af2e063161cadee9163

SHA512
7387647d5ad13411946a2f4313113d07a324667c00115c80e53939e58ed74879a02b26265526baafbb9d1c663081081d46d9ad19e66f8d992fb0cde1248df07a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\Dig Or Die V0.046.exe

Filesize
196KB

MD5
808de473370ef6b5d98ab752f245a3ca

SHA1
800bd4ad10c17471829693fac3cee4502b14f029

SHA256
65cbed2e8db313b8966638e40eb27f94156c294eb060b28a02c130d146518c39

SHA512
fafaff03ad502523b3627e59e1026b8af4217a80215782a90667bc4f4c330871d8c3d890f2601b68ec9a42c0171d12b9e5b87067c95dcad1132b0a8979c56a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\extracted\CET_TRAINER.CETRAINER

Filesize
308KB

MD5
c71567e4e3585f33dc942b885061034e

SHA1
edf409a723064a772187d9ea642361f9305a2443

SHA256
9d057a41531f18335c0a6ff66029cebcb90826244758df48b45e0ceb2c7913c6

SHA512
3d99dd09d9c07a1cccf334af4b9aa7e73424dcf776a785e0a4521e8cdcc5add166e53aa9a98ad5c62129bd9981b87a70f9ed7d6bbbeabc702dc011396f9c7393

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\extracted\Dig Or Die V0.046.exe

Filesize
7.3MB

MD5
36907aa4585e7b06a4c471d3bb9ed719

SHA1
6414c458ab2123f186938ecbb21cda359a15505d

SHA256
03b71aca53dd5562683694b754e01652336b40fb9c38efb14f5d09e891df90b6

SHA512
cfaf333cbbb0ddc63cd10237e436c1dead130e2ebc97590c96171d83a2b783a59e025e45809737b9c4f95b66a3a74b75b91fcf6fc1c09a7624177a029d902e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\extracted\defines.lua

Filesize
5KB

MD5
d8f9b4a10a48ebd8936255f6215c8a43

SHA1
7d8ff0012fa9d9dcf189c6df963f1c627f2ccb76

SHA256
d4347332b232622283e7dd3781f64966bd1097d06cca7052b467cf99e62898f2

SHA512
67db5dc65fef66fe3a1920c5f406091d17eeae27266039af392a166d63686b8fc61b94684f2b97762995aefa42d2d15148213ecef64cc0df04de19320abba97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\extracted\lua5.1-32.dll

Filesize
329KB

MD5
2730ff589ae86ef10d94952769f9404f

SHA1
8010834297a6aa488e6bf90eceaaf9e60bb60c6e

SHA256
faf0850051ba175347e40481da9e2cc3a122a09d428925042932be555db06e6b

SHA512
5fb35eb364603568b67ce0d19371016a382bc62500de807a12492ceacd5d2b765e0908e2e7e9798446b6c005c0e48c0da74c1a0f9d55c49a8ef4eb3c3d1307e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cetrainers\CET5023.tmp\extracted\win32\dbghelp.dll

Filesize
1.2MB

MD5
9139604740814e53298a5e8428ba29d7

SHA1
c7bf8947e9276a311c4807ea4a57b504f95703c9

SHA256
150782fca5e188762a41603e2d5c7aad6b6419926bcadf350ebf84328e50948f

SHA512
0b99259e9c0ee566d55cc53c4a7eabf025ed95973edc80ded594023a33f8273cd5d3f3053993f771f9db8a9d234e988cba73845c19ddc6e629e15a243c54cd5d

Download Submit
\??\pipe\LOCAL\crashpad_3736_VCYJDZQCUMFSSBMI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2320-22-0x0000000007E60000-0x0000000007EA0000-memory.dmp

Filesize
256KB

Download
memory/2320-20-0x0000000007E60000-0x0000000007E61000-memory.dmp

Filesize
4KB

Download
memory/2320-172-0x0000000007E60000-0x0000000007EA0000-memory.dmp

Filesize
256KB

Download