Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/06/2024, 04:50

Static task: static1

Behavioral task: behavioral1
- Sample: bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral2
- Sample: bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
- Resource: win11-20240426-en

General
- Target: bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
- Size: 894KB
- MD5: 1f75c62e86ca8b74f7fe88597ecffe75
- SHA1: 4ec7859a9fb69306a8bfcb66b67d0d9ac807d137
- SHA256: bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53
- SHA512: 22773aa37f3a78c0e9c83e4f1baed286d64cdf01cb2731b5b8ae6c0e8f043842831a62c26a54ea1020fd000f126c81e883d8e42d6fb5ff6f0589f65163e63497
- SSDEEP: 12288:WqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4TN:WqDEvCTbMWu7rQYlBQcBiT6rprG8aAN
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid   Process              events
  3504  msedge.exe           2
  4080  msedge.exe           2
  2960  msedge.exe           2
  3664  msedge.exe           2
  3320  identity_helper.exe  2
  1492  msedge.exe           4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid   Process     events
  2960  msedge.exe  10
- Suspicious use of FindShellTrayWindow (28 IoCs)
  pid   Process                                                                  events
  3456  bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe  3
  2960  msedge.exe                                                               25
- Suspicious use of SendNotifyMessage (27 IoCs)
  pid   Process                                                                  events
  3456  bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe  3
  2960  msedge.exe                                                               24
- Suspicious use of WriteProcessMemory (64 IoCs; the report repeats a row for every write, the distinct parent/child pairs are listed once here)
  description                        pid   Process                                                                  procid_target
  PID 3456 wrote to memory of 2960   3456  bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe  82
  PID 2960 wrote to memory of 4812   2960  msedge.exe                                                               85
  PID 3456 wrote to memory of 3656   3456  bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe  86
  PID 3656 wrote to memory of 4716   3656  msedge.exe                                                               87
  PID 3456 wrote to memory of 1624   3456  bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe  88
  PID 1624 wrote to memory of 1368   1624  msedge.exe                                                               89
  PID 2960 wrote to memory of 512    2960  msedge.exe                                                               90
  PID 2960 wrote to memory of 3504   2960  msedge.exe                                                               91
  PID 3656 wrote to memory of 4796   3656  msedge.exe                                                               92
Processes (indentation shows the parent/child tree; signatures are listed under each process)

[PID 3456] "C:\Users\Admin\AppData\Local\Temp\bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe"
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    [PID 2960] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory

        [PID 4812] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a0d146f8,0x7ff9a0d14708,0x7ff9a0d14718

        [PID 512] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

        [PID 3504] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
          - Suspicious behavior: EnumeratesProcesses

        [PID 4212] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

        [PID 3872] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

        [PID 3184] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

        [PID 4824] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1

        [PID 4988] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1

        [PID 228] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

        [PID 720] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

        [PID 4980] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8

        [PID 3320] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
          - Suspicious behavior: EnumeratesProcesses

        [PID 3928] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

        [PID 3528] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

        [PID 5140] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

        [PID 5148] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

        [PID 1492] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,17252443168154043331,3389903572313040721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
          - Suspicious behavior: EnumeratesProcesses

    [PID 3656] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
      - Suspicious use of WriteProcessMemory

        [PID 4716] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9a0d146f8,0x7ff9a0d14708,0x7ff9a0d14718

        [PID 4796] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12121567394413267883,808924729317431000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

        [PID 4080] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12121567394413267883,808924729317431000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
          - Suspicious behavior: EnumeratesProcesses

    [PID 1624] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      - Suspicious use of WriteProcessMemory

        [PID 1368] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a0d146f8,0x7ff9a0d14708,0x7ff9a0d14718

        [PID 3664] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11731136030447141900,15322200801100173806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
          - Suspicious behavior: EnumeratesProcesses

[PID 1440] C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 216] C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads