5a301916ad927761c6864210c3bd6f96defc165c575f937f72afb7847b76eb55

Analysis

max time kernel
34s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Первая версия [pass_ assm-cracker].ver.1.0.zip
Size

3KB
MD5

099c13e44ff941d249c50d093ea04fa5
SHA1

4cb5bbb3357f55e7476d805caa3aa82bb6ff7192
SHA256

5a301916ad927761c6864210c3bd6f96defc165c575f937f72afb7847b76eb55
SHA512

1dcb3e7892b79be1a367dfdaa88beb1f245d05412d1a10a80f0d64f73864459884b8e282aa4b22b2e189b1baaf60197a7411eed44cb816d115927049597cbb77

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1680	msedge.exe
1680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 644	1452	msedge.exe	100
PID 1452 wrote to memory of 644	1452	msedge.exe	100
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 2640	1452	msedge.exe	101
PID 1452 wrote to memory of 1680	1452	msedge.exe	102
PID 1452 wrote to memory of 1680	1452	msedge.exe	102
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103
PID 1452 wrote to memory of 1740	1452	msedge.exe	103

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Первая версия [pass_ assm-cracker].ver.1.0.zip"
1⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault48be9f84h3101h4416h819eha6ff0e37f4b9
1⤵
- Suspicious use of WriteProcessMemory
PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8c45a46f8,0x7ff8c45a4708,0x7ff8c45a4718
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13020953601648589654,1149273856163357216,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,13020953601648589654,1149273856163357216,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,13020953601648589654,1149273856163357216,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:1740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
PID:5168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7dd51bbe8ae2a56e10862a21bfc78b42

SHA1
d47862f528dcf3d3f30882c2fc02488daa476f93

SHA256
da7920143f325f58ba65dd5f0102db8caff2871559086c89506cd94ac7bbaf46

SHA512
f1811a0f3296fdf5ecbdc0bbb21171de2d7c5ff523403c375acedac96be7edb9e5d45e2e70c8c21a2095eef66bf42eab9b46965c66b83f8967ad388b6a8d60b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b6e6c2cf83fabcad68884bdcd67a7cd8

SHA1
6b2001b79300c6f0b6e9229012249abcd770f410

SHA256
41a8041ba7350c6bc8a1ad634fa765a702b2338b15020656802c4c8c5a2ae0de

SHA512
971e3b92d8bc9d67a14adffe79c9d3114a753c5cb0b20f870bbe89feb4985757932f8339919dd5f3485b5627cf4ab65a05bf5f84f9f055bbe0be37d6baa03f47

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit