Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-05-2024 02:17

Static task: static1
Behavioral task: behavioral1
- Sample: be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2 (the run this report covers)
- Sample: be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe
- Resource: win10v2004-20240508-en

General
- Target: be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe
- Size: 146KB
- MD5: 5d4592a1b5c1c6c2bfaf30cd21f74543
- SHA1: 2edfe9c61625b9d91c6bd3ca850603eac78fadce
- SHA256: be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf
- SHA512: bbbe6b210c4bbb1648e74e717a9e42754761684198d2ece2845222f20fab6cd0f9054a1e8d937ba52723bd7fe5fc2040d701c9d7c5b62575f81cfaf8d0bf64d7
- SSDEEP: 768:Qy27A634zIWia9NfuyigGsc5ijv3x20ZitccG0U/AjGL9eOnXaIZdgGtmDw:Qy27AGu3zfuyignXz380ZitccnwcOYs
Malware Config
Signatures
- Detects executables containing URLs to raw contents of a Github gist (1 IoC)
  resource: behavioral2/memory/2244-1-0x0000000000E30000-0x0000000000E5A000-memory.dmp
  yara_rule: INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  process: msedge.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Modifies registry class (1 IoC)
  process: msedge.exe
  - Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1337824034-2731376981-3755436523-1000\{F16DA373-94E9-4535-801E-9CC755ED129D}
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
  pid / process, in the order reported:
  - 2244 be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe (x2)
  - 536 msedge.exe (x2)
  - 4104 msedge.exe (x2)
  - 4072 msedge.exe (x2)
  - 1560 msedge.exe (x2)
  - 2244 be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe (x2)
  - 4916 identity_helper.exe (x2)
  - 5032 msedge.exe (x2)
  - 1300 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
  pid / process: 4104 msedge.exe (all 13 entries)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  - Token: SeDebugPrivilege, pid 2244, be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid / process: 4104 msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid / process: 4104 msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  source pid (process) wrote to memory of target pid (process), in the order reported:
  - 2244 (be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe) -> 4104 (msedge.exe), x2
  - 4104 (msedge.exe) -> 3944 (msedge.exe), x2
  - 2244 (be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe) -> 2016 (msedge.exe), x2
  - 2016 (msedge.exe) -> 2988 (msedge.exe), x2
  - 2244 (be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe) -> 2624 (msedge.exe), x2
  - 2624 (msedge.exe) -> 2236 (msedge.exe), x2
  - 4104 (msedge.exe) -> 1168 (msedge.exe), repeated
  - 4104 (msedge.exe) -> 536 (msedge.exe), x2
  - 4104 (msedge.exe) -> 1920 (msedge.exe), repeated
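The first signature above is a YARA hit (INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL) on the sample's main image region, 0x0000000000E30000-0x0000000000E5A000 in PID 2244. The page does not reproduce the rule, so the script below is an added example written for this report rather than the rule itself: it scans a file or memory dump for URLs on the raw-content hosts gist.githubusercontent.com and raw.githubusercontent.com in both ASCII and UTF-16LE, the wide form because Windows and .NET binaries commonly store strings that way and an ASCII-only strings pass misses them. The host list and the embedded test bytes are assumptions for the example, not data taken from the sample.

```python
"""Find URLs to raw GitHub / Gist content in a PE file or memory dump.

Added example for this report; not the sandbox's YARA rule. Usage:
    python rawgithub_scan.py <file-or-memory-dump>
With no argument it scans the constructed SAMPLE bytes below.
"""
import re
import sys

# Hosts that serve raw file contents (assumption: extend for your own cases).
RAW_HOSTS = (b"gist.githubusercontent.com", b"raw.githubusercontent.com")

# Bytes allowed after the host: printable ASCII minus whitespace, quotes and
# angle brackets, which are what normally terminates an embedded string.
_TAIL = rb"[^\x00-\x20\x7f-\xff\"'<>]"

_ASCII_RE = re.compile(
    rb"https?://(?:" + b"|".join(re.escape(h) for h in RAW_HOSTS) + rb")" + _TAIL + rb"*"
)


def _wide(s: bytes) -> bytes:
    """Regex fragment matching the ASCII string s encoded as UTF-16LE."""
    return b"".join(re.escape(bytes([c])) + b"\x00" for c in s)


# Same URL shape, but every character is followed by a NUL byte. A scan that
# only looks for the ASCII form misses strings stored this way by .NET/Win32.
_WIDE_RE = re.compile(
    _wide(b"http") + b"(?:s\x00)?" + _wide(b"://")
    + b"(?:" + b"|".join(_wide(h) for h in RAW_HOSTS) + b")"
    + b"(?:" + _TAIL + rb"\x00)*"
)


def find_raw_github_urls(data: bytes):
    """Return [(offset, encoding, url)] for every raw-content URL in data."""
    hits = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in _ASCII_RE.finditer(data)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
             for m in _WIDE_RE.finditer(data)]
    return sorted(hits)


# Constructed test input (not bytes from the sample): a fake header, padding,
# one UTF-16LE URL, then one ASCII URL terminated by a double quote.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 32
    + "https://gist.githubusercontent.com/u/abc123/raw/config.txt".encode("utf-16-le")
    + b"\x00\x00"
    + b'cfg="https://raw.githubusercontent.com/org/repo/main/x.bin" tail'
)

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else SAMPLE
    for off, enc, url in find_raw_github_urls(blob):
        print(f"0x{off:08x} {enc:8} {url}")
```

Run it against the memory dump named in the signature to see which string the rule fired on; the offset it prints is relative to the dump, so add the region base (0x0000000000E30000 here) to get the virtual address.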
Processes
Nesting depth is shown in brackets; each entry gives the image path, the command line as captured, and the signatures that fired on that process.

- [1] C:\Users\Admin\AppData\Local\Temp\be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe"
  Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://easyexploits.com/redirectad2
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4f3746f8,0x7ffd4f374708,0x7ffd4f374718
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4164 /prefetch:8
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5320 /prefetch:8
      Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9675629729941161626,15259110331548752944,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5828 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/9APgdkhTEk
    Signatures: Suspicious use of WriteProcessMemory
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4f3746f8,0x7ffd4f374708,0x7ffd4f374718
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8252605247023094534,5929826170848803070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8252605247023094534,5929826170848803070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
  - [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://easyexploits.com/
    Signatures: Suspicious use of WriteProcessMemory
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4f3746f8,0x7ffd4f374708,0x7ffd4f374718
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1528,3485465337901714582,5338714496408068793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1528,3485465337901714582,5338714496408068793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
- [1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- [1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
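In the tree above the only non-Chromium parent is the sample (PID 2244), which starts msedge.exe three times with --single-argument and a URL (https://easyexploits.com/redirectad2, https://discord.gg/9APgdkhTEk, https://easyexploits.com/); every other msedge.exe entry is an ordinary Chromium child (crashpad-handler, gpu-process, utility, renderer) of one of those three, and every WriteProcessMemory IoC goes from a process to an msedge.exe below it in the tree, which is what process creation and Chromium's own child setup look like under an API monitor rather than injection into an unrelated process. The detection below is an added example for this report, not one of the sandbox's signatures: it takes process-creation events, flags a browser started with a URL by a parent that is neither a browser nor the shell, and groups the result by parent so one loader opening several sites stands out. The field names (Image, ParentImage, CommandLine, ProcessId, ParentProcessId) follow Sysmon Event ID 1 as an assumption; the events are constructed from the PIDs and command lines reported above plus one benign explorer.exe launch with invented PIDs, and the parent allow-list is a starting point that needs tuning per environment.

```python
"""Flag browsers launched with a URL by a parent that is not itself a browser.

Added example for this report; not a sandbox signature. Event layout follows
Sysmon Event ID 1 (assumption); the EVENTS below are constructed from the
process tree in the report plus one invented benign launch.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
# Parents that routinely open a browser on the user's behalf. Browsers are
# included so Chromium's own --type=... children never alert. Tune per
# environment (mail and office clients are common additions).
EXPECTED_PARENTS = BROWSERS | {"explorer.exe", "svchost.exe"}

# Chromium's --single-argument hands the rest of the line over as one URL;
# the second alternative catches a bare URL argument.
URL_ARG_RE = re.compile(r'--single-argument\s+(\S+)|\s"?(https?://[^\s"]+)')


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def url_from_cmdline(cmdline: str):
    """Return the URL a browser was told to open, or None if there is none."""
    m = URL_ARG_RE.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def detect_browser_launches(events):
    """Return one alert per browser start with a URL from an unexpected parent."""
    alerts = []
    for ev in events:
        child, parent = basename(ev["Image"]), basename(ev["ParentImage"])
        if child not in BROWSERS or parent in EXPECTED_PARENTS:
            continue
        url = url_from_cmdline(ev["CommandLine"])
        if url is None:
            continue  # a browser started without a URL is a different pattern
        alerts.append({
            "parent_pid": ev["ParentProcessId"], "parent": parent,
            "pid": ev["ProcessId"], "url": url, "host": urlsplit(url).hostname,
        })
    return alerts


def summarize(alerts):
    """Map each offending parent PID to the sorted set of hosts it opened."""
    hosts = defaultdict(set)
    for a in alerts:
        hosts[a["parent_pid"]].add(a["host"])
    return {pid: sorted(h) for pid, h in hosts.items()}


# Constructed events: PIDs 2244/4104/2016/2624 and the three URLs are as
# reported above; the crashpad child and the explorer.exe launch (PIDs 1234
# and 5000, invented) are there to show what must not alert.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\be1d3cd23c551d3e4bd8cfceab3670fe6f8165aebe6edeae2a6281e65c229dcf.exe")
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
EVENTS = [
    {"ProcessId": 4104, "Image": EDGE, "ParentProcessId": 2244, "ParentImage": SAMPLE,
     "CommandLine": f'"{EDGE}" --single-argument https://easyexploits.com/redirectad2'},
    {"ProcessId": 3944, "Image": EDGE, "ParentProcessId": 4104, "ParentImage": EDGE,
     "CommandLine": f'"{EDGE}" --type=crashpad-handler /prefetch:7'},
    {"ProcessId": 2016, "Image": EDGE, "ParentProcessId": 2244, "ParentImage": SAMPLE,
     "CommandLine": f'"{EDGE}" --single-argument https://discord.gg/9APgdkhTEk'},
    {"ProcessId": 2624, "Image": EDGE, "ParentProcessId": 2244, "ParentImage": SAMPLE,
     "CommandLine": f'"{EDGE}" --single-argument https://easyexploits.com/'},
    {"ProcessId": 5000, "Image": EDGE, "ParentProcessId": 1234,
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{EDGE}" https://example.com/'},
]

if __name__ == "__main__":
    found = detect_browser_launches(EVENTS)
    for a in found:
        print(f"parent {a['parent']} (pid {a['parent_pid']}) -> pid {a['pid']} opened {a['url']}")
    print(summarize(found))
```

Applied to this run the rule yields three alerts, all with parent PID 2244, spanning two hosts; the Chromium helper processes and the explorer.exe launch produce nothing.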
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: ce4c898f8fc7601e2fbc252fdadb5115
  SHA1: 01bf06badc5da353e539c7c07527d30dccc55a91
  SHA256: bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
  SHA512: 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 1c229ac1d6660856826b5ccb7bba5c51
  SHA1: a5deac51bd812f52a1ce00218b598d52a2402ee7
  SHA256: 0d228c768aaf7a0f6e768f12d5d33dfc52dc62912bd0f27f6a0af74352b027ed
  SHA512: 16cdc71ebb91131df3d135066f600b44b42b3908a3e89c999e8c244c183eadbb065f45289d76876c5b2c54e5407f10cc2e15e3419ac8183dcf24fe10d9dfa2de
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 3KB
  MD5: a42b18343a9a08ffbbfc3bb53e539ef3
  SHA1: c59a8bfdd95718d7b1bbcb1ea767123a7b374f0a
  SHA256: d1cf81890c16b20605bfa305ce01165e675def2ebbbad9af54f658443f605ab6
  SHA512: d32c94022daf607f4c4460bd65785362b3360cba323432d4c0a1505f93ed15cdfd028e1b2297e4ce1d8b2997c148489f50eeb0d668708ed78618caceff04dcc2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 8KB
  MD5: 70dcffdcbeea940d3b87e60284dad050
  SHA1: cb9bb7ebc0f480be5ca0d3405dc00cef02988643
  SHA256: 285f9a317e314932ed325ed21a585a0f36c22f4cbee031db87ea02172f3898d7
  SHA512: e43fae037be48f7371cabfe91cdf2ede36c594c2dbe2e233198dba10f76fa9d225c643d11eac2794909fcf74101d88aba4d5c174d61e2b2415c2dde3e89e781f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 3bf52530403a981c2b89875558614fc6
  SHA1: 02dfd1433cea3bf3f9569b8c23403124b554bd1b
  SHA256: 1fcf08816ca552d9e8fb7d71cf768e5dd7569ae6f1289840be6c55d73d242f2e
  SHA512: 16bb51a582fff38df6b4b45e1f1b60dec33a2cfd0511db0a76b71f806bc1f232f2b789eb3343c6a72511d409464d3d017b4ddd2a3895bc32ee2e1d3443b6a1de
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: 771901bb92a7f21611b9fe658f001a55
  SHA1: bd4ab2546af3e78ae21f8a0ce1a1a74066c5a045
  SHA256: 3837497f7f1cf30037cc07b042b9d75460ede637be0711c5d20316803d76a7f4
  SHA512: 953ae5a1ed9af47cc4734c30a078799a66565571ec9c6ad48f53dcd2d9f84431fd0a133cea30af2f169f0019b4106c076ecb810b14e26ba1f7984f259a7b3569
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: fe93a2470004530a504bfe85a4e24372
  SHA1: 568c564b392b3c5bbcbfcca03a3e0e71e3a40c9f
  SHA256: 1303c6d1c4449a0f5fb10a50d6c40439805e1ed728c06f687764c5eadf58c80d
  SHA512: 0a9062934516ba125854181e3c493f3dc7b9caafc16b8937f3435858f9dd37ab6fe100e37b3c903bae378385175400b1223b7098113b13666156bc1e273351b2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: 23f615a2c9e96900bcc598b2e2b40669
  SHA1: ab451a53ccf810062f3af6fbaffd75e814a949f7
  SHA256: 51c495a88ccf42a2c717fefb5a00f580f427ce96691fc13022872c3af9cc99ae
  SHA512: 2686572ea06d8badcca0257e4bf6f36c065b461388592c0a6c025c958c34e8890776514f1dc4ae0abde41ead4969713345194a076531b268bd569a9dab2d8616
- \??\pipe\LOCAL\crashpad_4104_XXSLULGZNPJOZWUI
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
- memory/2244-0-0x000000007465E000-0x000000007465F000-memory.dmp
  Filesize: 4KB
- memory/2244-6-0x0000000074650000-0x0000000074E00000-memory.dmp
  Filesize: 7.7MB
- memory/2244-117-0x0000000074650000-0x0000000074E00000-memory.dmp
  Filesize: 7.7MB
- memory/2244-5-0x0000000005930000-0x000000000593A000-memory.dmp
  Filesize: 40KB
- memory/2244-4-0x00000000057D0000-0x00000000057DA000-memory.dmp
  Filesize: 40KB
- memory/2244-3-0x0000000005830000-0x00000000058C2000-memory.dmp
  Filesize: 584KB
- memory/2244-2-0x0000000005EC0000-0x0000000006464000-memory.dmp
  Filesize: 5.6MB
- memory/2244-1-0x0000000000E30000-0x0000000000E5A000-memory.dmp
  Filesize: 168KB
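Nothing in the Downloads list above is a file the sample dropped. The entries under Edge\User Data are profile state Edge writes on its own when it starts (Preferences, Local State, Crashpad settings, leveldb CURRENT markers); the pipe entry carries the digests of empty input (d41d8cd98f00b204e9800998ecf8427e, da39a3ee5e6b4b0d3255bfef95601890afd80709 and e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 are MD5, SHA-1 and SHA-256 of zero bytes), so no content was captured; and the memory/ entries are dumps of PID 2244. None of those hashes should be promoted to an indicator. The script below is an added triage helper written for this report, not part of the sandbox: it recomputes the empty-input digests instead of trusting remembered constants, tags browser-profile paths with a regex that generalizes over the user name, and leaves everything else for review. Its entries are a constructed subset of the list above plus one invented dropped.exe to exercise the review path.

```python
"""Sort a sandbox 'Downloads' list into runtime noise and files worth review.

Added example for this report; not part of the sandbox. ENTRIES is a
constructed subset of the report's list plus one invented dropped.exe.
"""
import hashlib
import re

# Digests of zero bytes, computed here so the check is self-verifying.
EMPTY_DIGESTS = {name: getattr(hashlib, name)(b"").hexdigest()
                 for name in ("md5", "sha1", "sha256", "sha512")}

# Edge writes these under any user's profile when it starts. The regex
# generalizes over the user name; assumption: Edge ran only as a URL opener.
BROWSER_PROFILE_RE = re.compile(
    r"^c:\\users\\[^\\]+\\appdata\\local\\microsoft\\edge\\user data\\")


def classify(entry) -> str:
    """Return one label: empty-content, memory-dump, named-pipe,
    browser-profile, or review (a file that may really have been dropped)."""
    path = entry["path"].lower()
    digests = {k.lower(): v.lower() for k, v in entry.get("digests", {}).items()}
    if digests and all(digests[k] == EMPTY_DIGESTS[k] for k in digests):
        return "empty-content"   # every hash is of b"": nothing was captured
    if path.startswith("memory/"):
        return "memory-dump"
    if path.startswith("\\??\\pipe\\"):
        return "named-pipe"
    if BROWSER_PROFILE_RE.match(path):
        return "browser-profile"
    return "review"              # hash it, pivot on it, detonate it separately


def triage(entries):
    """Map each path to its label."""
    return {e["path"]: classify(e) for e in entries}


ENTRIES = [
    {"path": r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences",
     "size": "8KB", "digests": {"md5": "70dcffdcbeea940d3b87e60284dad050"}},
    {"path": r"\??\pipe\LOCAL\crashpad_4104_XXSLULGZNPJOZWUI",
     "digests": {"md5": "d41d8cd98f00b204e9800998ecf8427e",
                 "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}},
    {"path": "memory/2244-1-0x0000000000E30000-0x0000000000E5A000-memory.dmp",
     "size": "168KB"},
    # Invented entry, not from the report, to show the review path.
    {"path": r"C:\Users\Admin\AppData\Local\Temp\dropped.exe",
     "digests": {"sha256": "00" * 32}},
]

if __name__ == "__main__":
    for path, label in triage(ENTRIES).items():
        print(f"{label:16} {path}")
```

Only entries labelled review deserve a place in an indicator list; the empty-content check is the one most often missed, because an empty-input digest looks like any other hash until it is compared against one computed on the spot.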