ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe
Size

894KB
MD5

458ef4769c373bd566a65f797239c329
SHA1

d2cdcdb497bad52b2c777c539713e47b8d67823d
SHA256

ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc
SHA512

1f62e9b037c08b34041435737de58b792a3dd3d223f39757e68a7c2fb22ef7a47d2d22af523ac21caeab4db08aa715d04c9f6689154b4c953c7eb8f3adaa90f1
SSDEEP

12288:MqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4T9:MqDEvCTbMWu7rQYlBQcBiT6rprG8aA9

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4380	msedge.exe
4380	msedge.exe
1584	msedge.exe
1584	msedge.exe
4712	msedge.exe
4712	msedge.exe
1912	msedge.exe
1912	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe
2696	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe
4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe
4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe
4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe
4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 1912	4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe	82
PID 4664 wrote to memory of 1912	4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe	82
PID 1912 wrote to memory of 3220	1912	msedge.exe	84
PID 1912 wrote to memory of 3220	1912	msedge.exe	84
PID 4664 wrote to memory of 2248	4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe	85
PID 4664 wrote to memory of 2248	4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe	85
PID 2248 wrote to memory of 3224	2248	msedge.exe	86
PID 2248 wrote to memory of 3224	2248	msedge.exe	86
PID 4664 wrote to memory of 1464	4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe	87
PID 4664 wrote to memory of 1464	4664	ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe	87
PID 1464 wrote to memory of 2480	1464	msedge.exe	88
PID 1464 wrote to memory of 2480	1464	msedge.exe	88
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 208	1912	msedge.exe	89
PID 1912 wrote to memory of 1584	1912	msedge.exe	90
PID 1912 wrote to memory of 1584	1912	msedge.exe	90
PID 2248 wrote to memory of 2904	2248	msedge.exe	91
PID 2248 wrote to memory of 2904	2248	msedge.exe	91
PID 2248 wrote to memory of 2904	2248	msedge.exe	91
PID 2248 wrote to memory of 2904	2248	msedge.exe	91
PID 2248 wrote to memory of 2904	2248	msedge.exe	91
PID 2248 wrote to memory of 2904	2248	msedge.exe	91
PID 2248 wrote to memory of 2904	2248	msedge.exe	91
PID 2248 wrote to memory of 2904	2248	msedge.exe	91
PID 2248 wrote to memory of 2904	2248	msedge.exe	91
PID 2248 wrote to memory of 2904	2248	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe
"C:\Users\Admin\AppData\Local\Temp\ac7f6ec6ecdf697741e0f6fa28f2bf6600fbe41934f2be5e33e3dd6686375bdc.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedab646f8,0x7ffedab64708,0x7ffedab64718
    3⤵
    PID:3220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    3⤵
    PID:208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    3⤵
    PID:4148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:1256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:2812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
    3⤵
    PID:1316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
    3⤵
    PID:2140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
    3⤵
    PID:3948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
    3⤵
    PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
    3⤵
    PID:5860
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:8
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
    3⤵
    PID:5296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
    3⤵
    PID:5292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:3084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
    3⤵
    PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,8686567204573364334,18288953990508884942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffedab646f8,0x7ffedab64708,0x7ffedab64718
    3⤵
    PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,928200275186009527,4795370274350798241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:2904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,928200275186009527,4795370274350798241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedab646f8,0x7ffedab64708,0x7ffedab64718
    3⤵
    PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8789974403547832756,4035007940807325146,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:4100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8789974403547832756,4035007940807325146,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
deae87a37696426ba6187643152210e2

SHA1
ff468383e2bf2224e088ebed6c8f310584e165c8

SHA256
fde063189f19f7622d7deff6cf813cca7a192557da3532e9a533fa2d7f713a7c

SHA512
1e8d69ea1ba78b74565e4859aaf7e2cd278dbae5f279a6a8b988e5c17566552e6130e1cf9dfe38d97383f2fdd792298baecafc2e45170eb72820284dd6e47581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f85e3926f3890cbfecd91b2b2b8a328e

SHA1
c8399010269680bb75be986c5d2739024afa7f2e

SHA256
fdda6f6dc3bdcf48800689abcecce02b59cbb09e9e157767df441a9f1b5b03b4

SHA512
2d2e4b70e692c7704576882583227a0d32d98cae4f98a72e7459daeffca04ae3faa2df7abd56dfb4e7dc9182b165e61b444f98b5a8009c8715a442a58d5e46ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5bbdd7a06cf5ce07e9fa0c17e18bc498

SHA1
3ecefa3c7682e935c1961aab311d60eca3cb002a

SHA256
6b678718ce8c7a4f417fa2bb4742acd1def30bb41fab0221be0a5c6c4d706180

SHA512
6f9fa524fd23b4ba2bed830c00fe3289bbe353e9b1fe1a880b152f06ff1192f3b8ee4182c6243a370f2d975e56ba4537e9fd5105aa6747b6c404a1b5e8f89a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6eac862923e957a698a992f470e29b11

SHA1
e577bb1b23e4edbee6afb14877c861b57ca58566

SHA256
cd0be963617f31d3c0462946b0ddc91bbc858ab9edfa6bd7469d32e00f93ee6a

SHA512
7cac826e74d3341eab03a3567b4955938bd4fa4a94cb3b35732db04507fa11911478946d8c83e382b6efce4f8e6907f554f6f878f032cc201df4fb33cb203fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a9d5983b5346d0fdcf57444d061db74

SHA1
180d58b565a4420771b98612b08a00e786611508

SHA256
528ec2acaba14f4b4ea81c8a9521ec32f91576304f30790eec9e9ab2db620b5b

SHA512
3e0576d362edc639b03ec1be9b9a645f4b15b34f0b97fb821dfe9442977588bba13121bd8e2d021fdb1de0dd255d42cd4a0c4e4e15f4fb71ca3851ce60cc6360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
f00a72ba6ae79cc121e616da2716ebf4

SHA1
631ba33993d5b696f17e00418844b1f3df7b08e7

SHA256
090c5dcdcff6134a203115773551362639c5dcc2a261db20e77f945f1c5ab954

SHA512
7ea8cac83c830faa9550eb3c2e59e390de5f0f635f9e63459871ae89c459846fa79758bff40e24068227756bdcdc98bcb02cc592ea9ead9e0733401789974518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
693511e55b228ebf46b1d817ce093df9

SHA1
0a453eab576eff312edc92e852123bc3b57f3044

SHA256
4c58261e4b1c879a9cd26d98e3b62e2474cc7cbc196524792d871e7f63c798cb

SHA512
9b37c707e6a6937b3f2eccfbd37f245057ba8383b67f7c70c234d08ef15fbe873a2a55791b080cd9f62809307ebc494d275245057c57c24ba928735d0aae9f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
d8fd7564f311b7f5667ab686670c928d

SHA1
eea48e62c2ed266d56d4352b7c8c9d1d50096d17

SHA256
8ed207d2f240273bd634cc5a9da5fa4ccb2fcb00a59a1dff4c5ff463828a3e9d

SHA512
95174ec7e012b1e35acd323356c8e6c4f0cf49fc5a8142b2ac049a0bffbebc17c56bee764d7ef5764dff7eac1c3c4a0621a3b4bd0bb7cbd11f7570767fcf5c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
35893b2c2f43b3d35a0bb244ad850b6a

SHA1
91ffe2edd9a29f53a2286a6acb5bc424dda453f8

SHA256
cc64745a9c3548fd1db418ee3cf03fc796dd1c81f06664f7640df285b842bae6

SHA512
da5b23e1a488d98fc348d9dbc8af82ae01e2212657db05d5af51d793e27540c8213f72a0ab7ca8f55a0119a2721fb0f0241367f74380812f7f530f61671f74d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
8ff8868a810e4f43deb1dce74c6b949e

SHA1
18aa7a98554364638a0d7f1d3998e711aac5d039

SHA256
6bcaaf42a0f1e4aa591ed8c1bf66e1420e7c97fc31e2caae065a7890b07ccfef

SHA512
4613d759a5d02fdfa5b450b650dda201f2edb91233bbda8362e9016dd27118b032e91556ee6eebafd3e3a85d40fe06b1d5bcc455ac146a405a4b303514be94cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a1dd.TMP

Filesize
539B

MD5
ba81f6f14e12f0f7df182418c624e1ab

SHA1
ba028290fde451fef67f7e9384732adcbf16b299

SHA256
d7c304d96f91f63ed7b0cb02ff87ed0044c5d882de0fe426bc19d0dc7fad42e3

SHA512
a08581586fdce7fe88662cdc46588563e355fee29652ffa55374ab575a2662408e5d30beb7fbb74d851eb28e4d636ad362e84360323c2e8da7e46cd5b3985741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6fd2ad7a4ce50ee048832948bbaa4311

SHA1
6dfa8fa2d60395af3c31be1f9c42e30c5068ed0e

SHA256
0a2e3af5ff087a104d8d08e29559e72741508e19b5029fa5809e2f19074919af

SHA512
ec544846a2a62ca78f9bc33427d0e4f7dcc77903037c56dca6679d7f24aea064abe98530820819c638452136c993ab7f3c014fc58f0557783d0eb3849862bfd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
586d0e0e97cc5c2472bd71a1fdc0a193

SHA1
38e04c19c1b379a48767eedeef9b3cae6c9d816e

SHA256
00131bd0bbf2a0744856df07d840a817278f50c4bebbc7cdd7e6a319268b47e1

SHA512
e04fdd994d78de4c4f9aeb4291b9fffda68005dd28bf1de316e146f11533ebfb9aa93a9eadd0ac53a1ad7db70a604cdfd1c6b538c88903f05d061e6f0bd44da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
89b86a9bfd5e15cc58c8cb23954ebb21

SHA1
c6676ad4f711302f0c0c887647b9ecbd18e4b54f

SHA256
23dbcc596d194dc61e2ae5c610405cb2f7fd59d12b35127b7881904da6349ac7

SHA512
c3d0e54784220f52ca377476d6760eee13e5d1647ca94e5971d5db68f76c39d74c30dcc728c848e2be6525a6060b2e6961da34dfff514ad8a69e922b1c7d1bb2

Download Submit