58e4938ebce7b64b8f9de4fd8fb896988fc460b0167242cfbed4cb915548dd4f

General

Target

RegionSniper.exe
Size

17.1MB
MD5

d4882160c80f22320569f3f76d2115ea
SHA1

18dee742744fd78d69f7c9270f074751e2445620
SHA256

58e4938ebce7b64b8f9de4fd8fb896988fc460b0167242cfbed4cb915548dd4f
SHA512

530e18198728b01acbe85f1a395bfa5fb91850821a853de3d3ddd8bc50e03d1aa883991633aad998d8d16580e037d19c6d0efe7f1efec52d8653837c9dd4e903
SSDEEP

393216:m87jTRukUlLdBm/QFVOY4XozEse57L0KGs0Ts:macdBSQFVM5oK9

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msedge.exe

pid process

4652 msedge.exe
4652 msedge.exe

pid	process
4652	msedge.exe
4652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3696 wrote to memory of 4484	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4484	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 2508	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4652	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4652	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe
PID 3696 wrote to memory of 4644	3696	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\RegionSniper.exe
"C:\Users\Admin\AppData\Local\Temp\RegionSniper.exe"
1⤵
PID:1836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9fe94004h69d2h4e7ahb3abh2a326912e3d4
1⤵
- Suspicious use of WriteProcessMemory
PID:3696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff8cdef46f8,0x7ff8cdef4708,0x7ff8cdef4718
2⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,5873296924391336605,2313429973608798833,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
2⤵
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,5873296924391336605,2313429973608798833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,5873296924391336605,2313429973608798833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
2⤵
PID:4644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7cecbdd6f456bb2d0ea4115365496e23

SHA1
1b402f35b04ce0fac52987bd8e82dded8bfdcf76

SHA256
30cbc43794105750720ff412ae5bbbd904b8e07b991375387e2fa0ed4d1e1b06

SHA512
85f9ecf767b07524c45b29b100562b3e2074a33ca9dc1e978ea2d0f7252bbfe84fd69c46154bedbfb79f3360510c3c2a0dba68b35c3cfbfb6ae2a9c461bd2220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
08b07cffedfdf540511401e82e28bba6

SHA1
24305fe3bbcc1c790f81973615211777a1224fde

SHA256
365cbd22867d624502230a284af7cbfdd665e030a50bc2076f15a32bddf585f4

SHA512
4c507528bf406e2dcb80c88e0a641bc9e08c7f78a264c4a21d638d76928c31a4f487e7eae9ec054387011bac6c79456900c63a5b762a015e63f2a085d4342a87

Download Submit
\??\pipe\LOCAL\crashpad_3696_MKHEBTGFTWFGJQAD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads