eafc2bfbeaeddb89f86da75f29f14435b745b919f0b99dd1d0d30b9d33efb415

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe
Size

634KB
MD5

fd9bc66ceca8b5e95e78558334fcdd70
SHA1

0fcbf40047842e5c5b1b4fee84b6396b6f9b645d
SHA256

7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444
SHA512

8fbfcfe3590ef5588e8af5017362f4024e52a4aa25cc66d6e415857ba05fd29bca041b86ee969585f692f4203ecd59f054e3f01f88265b3abd183b77d4d9ea33
SSDEEP

12288:TMrZy90IkujYvPGmnqc3JQSo61S9WsQydCFJpq:qyFkujY7nV3Gkc9hqLq

Score

7^/10

persistence

Malware Config

Signatures

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

Processes:

resource	yara_rule
behavioral10/memory/3784-10-0x00000000023C0000-0x00000000023DC000-memory.dmp	net_reactor
behavioral10/memory/3784-12-0x0000000002500000-0x000000000251A000-memory.dmp	net_reactor

Executes dropped EXE 2 IoCs

Processes:

1sH04sY5.exe2sX5352.exe

pid process

2652 1sH04sY5.exe
3784 2sX5352.exe

pid	process
2652	1sH04sY5.exe
3784	2sX5352.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1sH04sY5.exe	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{58A39A28-635B-47E8-8074-77CE8AE9F9A6}	msedge.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

1sH04sY5.exe

pid process

2652 1sH04sY5.exe
2652 1sH04sY5.exe
2652 1sH04sY5.exe
2652 1sH04sY5.exe
2652 1sH04sY5.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

1sH04sY5.exe

pid process

2652 1sH04sY5.exe
2652 1sH04sY5.exe
2652 1sH04sY5.exe
2652 1sH04sY5.exe
2652 1sH04sY5.exe

pid	process
2652	1sH04sY5.exe
2652	1sH04sY5.exe
2652	1sH04sY5.exe
2652	1sH04sY5.exe
2652	1sH04sY5.exe

pid	process
2652	1sH04sY5.exe
2652	1sH04sY5.exe
2652	1sH04sY5.exe
2652	1sH04sY5.exe
2652	1sH04sY5.exe

Suspicious use of WriteProcessMemory 26 IoCs

Processes:

7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe1sH04sY5.exe

description	pid	process	target process
PID 4572 wrote to memory of 2652	4572	7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe	1sH04sY5.exe
PID 4572 wrote to memory of 2652	4572	7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe	1sH04sY5.exe
PID 4572 wrote to memory of 2652	4572	7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe	1sH04sY5.exe
PID 2652 wrote to memory of 3116	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3116	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 2336	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 2336	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 4812	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 4812	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 1776	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 1776	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 4340	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 4340	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3604	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3604	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3980	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3980	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3104	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3104	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3656	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3656	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3040	2652	1sH04sY5.exe	msedge.exe
PID 2652 wrote to memory of 3040	2652	1sH04sY5.exe	msedge.exe
PID 4572 wrote to memory of 3784	4572	7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe	2sX5352.exe
PID 4572 wrote to memory of 3784	4572	7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe	2sX5352.exe
PID 4572 wrote to memory of 3784	4572	7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe	2sX5352.exe

C:\Users\Admin\AppData\Local\Temp\7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe
"C:\Users\Admin\AppData\Local\Temp\7bca30b01b52faa483cb9bba6adca25589109b55d6cd6c01bb4219ef6d8f4444.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4572

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1sH04sY5.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1sH04sY5.exe
2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
3⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
3⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
3⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
3⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
3⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
3⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
3⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
3⤵
PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
3⤵
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
3⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2sX5352.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2sX5352.exe
2⤵
- Executes dropped EXE
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4436,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4140 /prefetch:1
1⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=3848,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4032 /prefetch:1
1⤵
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5180,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:1
1⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5252,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
1⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5272,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
1⤵
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5304,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:1
1⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5320,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5680 /prefetch:1
1⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=6120,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:1
1⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=6232,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:1
1⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=6472,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:1
1⤵
PID:2380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6616,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:1
1⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6660,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6796 /prefetch:1
1⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6936,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:1
1⤵
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=7104,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:1
1⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=7324,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=7304 /prefetch:1
1⤵
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=7332,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:1
1⤵
PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=7664,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=7684 /prefetch:1
1⤵
PID:2924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6596,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:1
1⤵
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8028,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:8
1⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=7252,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:8
1⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8040,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=8252 /prefetch:8
1⤵
- Modifies registry class
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7780,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=8344 /prefetch:8
1⤵
PID:5372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=8656,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=8668 /prefetch:1
1⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=8920,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=8928 /prefetch:1
1⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=5668,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=8128 /prefetch:1
1⤵
PID:6364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5884,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:8
1⤵
PID:6824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5436,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8
1⤵
PID:6476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1sH04sY5.exe

Filesize
898KB

MD5
11729f6b0973ef2a47a1dd2ee073e9f5

SHA1
4a10d9e05b9737207964ab7678d786e4dc9d3e04

SHA256
416e2189eb8dc34247e5d0a5eb100188a58069679793ad46ad78cf903a5dd0a8

SHA512
604b2751e18a17e5c36744ba5c3eac12899580fca6422c3ac18de8011564e4b5ec08aaf720a3968b40b158f041158e1b712210ceb721e03ea076201a27a7febd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2sX5352.exe

Filesize
182KB

MD5
1d0719e8613c34abe740adf644a8e090

SHA1
2c3a38b0e6db48476ee00e75626186350447b931

SHA256
f05c01224a6033bdeb5155a4e327ba29210f2c7918fe9ea164d44106c3378c57

SHA512
4d0a8ae33744b2ce5caf21e7009bf4935773303769e9cbd16b81e9ce234c881da45984890ba3c9233c28d7dc7ea2b02c69b936f3b0a45f833157b68b91d766dd

Download Submit
memory/3784-10-0x00000000023C0000-0x00000000023DC000-memory.dmp

Filesize
112KB

Download
memory/3784-11-0x00000000049C0000-0x0000000004F64000-memory.dmp

Filesize
5.6MB

Download
memory/3784-12-0x0000000002500000-0x000000000251A000-memory.dmp

Filesize
104KB

Download
memory/3784-13-0x0000000004F70000-0x0000000005002000-memory.dmp

Filesize
584KB

Download