Analysis
- max time kernel: 146s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03-06-2024 12:53
Static task: static1
Behavioral task: behavioral1
- Sample: 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe
- Resource: win10v2004-20240426-en
Behavioral task: behavioral2
- Sample: 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe
- Resource: win11-20240426-en
General
- Target: 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe
- Size: 894KB
- MD5: 54d3230e866340ec2ac92abae8c15ca9
- SHA1: 547645ecf9b454221828a6d66a17a43422e8f6fb
- SHA256: 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21
- SHA512: d25bc5020c8b29065d420a6cdae53a0413de988cadc24106391eef0609553bdcde0b4dd83ab54b84c4685732d010377c6e720bef34ab68f8bc03b5f5d1e1aa84
- SSDEEP: 12288:FqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4TV:FqDEvCTbMWu7rQYlBQcBiT6rprG8aAV
Malware Config
Signatures
(identical IoC rows are collapsed below; the "rows" column gives how many times each entry appears in the report)
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid | Process | rows
  224 | msedge.exe | 2
  2264 | msedge.exe | 2
  3032 | msedge.exe | 2
  2388 | msedge.exe | 2
  2896 | identity_helper.exe | 2
  5840 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid | Process | rows
  3032 | msedge.exe | 10
- Suspicious use of FindShellTrayWindow (29 IoCs)
  pid | Process | rows
  1876 | 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe | 4
  3032 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (28 IoCs)
  pid | Process | rows
  1876 | 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe | 4
  3032 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target | rows
  PID 1876 wrote to memory of 1804 | 1876 | 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe | 81 | 2
  PID 1804 wrote to memory of 2856 | 1804 | msedge.exe | 83 | 2
  PID 1876 wrote to memory of 3032 | 1876 | 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe | 84 | 2
  PID 3032 wrote to memory of 4480 | 3032 | msedge.exe | 85 | 2
  PID 1876 wrote to memory of 3452 | 1876 | 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe | 87 | 2
  PID 3452 wrote to memory of 1224 | 3452 | msedge.exe | 88 | 2
  PID 3032 wrote to memory of 3884 | 3032 | msedge.exe | 89 | 40
  PID 3032 wrote to memory of 2264 | 3032 | msedge.exe | 90 | 2
  PID 3032 wrote to memory of 4144 | 3032 | msedge.exe | 91 | 10
Processes
- C:\Users\Admin\AppData\Local\Temp\71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe (PID 1876)
  cmd: "C:\Users\Admin\AppData\Local\Temp\71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe"
  signatures: Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1804)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
    signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2856)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe604b46f8,0x7ffe604b4708,0x7ffe604b4718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3860)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11753629933855041923,967522316501458552,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 224)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11753629933855041923,967522316501458552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3032)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
    signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4480)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe604b46f8,0x7ffe604b4708,0x7ffe604b4718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3884)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2264)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4144)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 688)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4800)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3512)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3496)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4784)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1284)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4324)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2896)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1084)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3096)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5292)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5300)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5840)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1899790198056383991,16536966805332218772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
      signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3452)
    cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1224)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe604b46f8,0x7ffe604b4708,0x7ffe604b4718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2388)
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,12922419581621779917,15717410463846558466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
      signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID 2056)
  cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 2800)
  cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding
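Added example, not part of the report or of the sample's own code: a small Python rule that rebuilds the parent/child relationships from the WriteProcessMemory IoC rows above, pairs them with the command lines in the process tree, and flags a non-browser image starting msedge.exe directly on a URL. Both inputs are constructed from this report (helper-process command lines are abridged, one row per distinct parent/child pair); the browser, trusted-launcher and account-page lists are assumptions to tune per environment.

```python
"""Rule over a sandbox process tree: a non-browser parent launching a browser
straight onto a URL, with account/sign-in pages called out.

Inputs are constructed from the report above: the WriteProcessMemory IoC rows
(which carry the parent -> child relationship) and pid -> command line pairs
from the process tree. Helper-process command lines are abridged."""
import re
from urllib.parse import urlparse

SAMPLE = "71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# One row per distinct parent/child pair. The trailing number is the report's
# own identifier for the target process, not a Windows PID, so it is ignored.
WPM_ROWS = f"""\
PID 1876 wrote to memory of 1804 1876 {SAMPLE} 81
PID 1804 wrote to memory of 2856 1804 msedge.exe 83
PID 1876 wrote to memory of 3032 1876 {SAMPLE} 84
PID 3032 wrote to memory of 4480 3032 msedge.exe 85
PID 1876 wrote to memory of 3452 1876 {SAMPLE} 87
PID 3452 wrote to memory of 1224 3452 msedge.exe 88
PID 3032 wrote to memory of 3884 3032 msedge.exe 89
PID 3032 wrote to memory of 2264 3032 msedge.exe 90
PID 3032 wrote to memory of 4144 3032 msedge.exe 91
"""

PROCESSES = {  # pid -> (image name, command line); helper lines abridged
    1876: (SAMPLE, f'"C:\\Users\\Admin\\AppData\\Local\\Temp\\{SAMPLE}"'),
    1804: ("msedge.exe", f'"{EDGE}" --single-argument https://www.youtube.com/account'),
    2856: ("msedge.exe", f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    3032: ("msedge.exe", f'"{EDGE}" --single-argument https://www.facebook.com/video'),
    4480: ("msedge.exe", f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    3884: ("msedge.exe", f'"{EDGE}" --type=gpu-process /prefetch:2'),
    2264: ("msedge.exe", f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService /prefetch:3'),
    4144: ("msedge.exe", f'"{EDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService /prefetch:8'),
    3452: ("msedge.exe", f'"{EDGE}" --single-argument https://accounts.google.com/'),
    1224: ("msedge.exe", f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
}

# Assumed lists: tune per environment.
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
TRUSTED_LAUNCHERS = {"explorer.exe", "outlook.exe"}  # legitimately open URLs
ACCOUNT_HOST_LABELS = {"accounts", "account", "login", "signin", "auth"}
ACCOUNT_PATH_HINTS = ("/account", "/login", "/signin", "/auth")

WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)$")


def parse_wpm_rows(text):
    """Return {child_pid: parent_pid} from WriteProcessMemory rows.
    The first writer wins: a Chromium parent writes to every child it
    bootstraps, and that is the relationship we want, so duplicates are ignored."""
    parent_of = {}
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if not m:
            continue  # tolerate header/footer lines in a pasted table
        writer, target = int(m.group(1)), int(m.group(2))
        parent_of.setdefault(target, writer)
    return parent_of


def launched_url(cmdline):
    """URL a Chromium browser was told to open, or None for helper processes.
    --single-argument makes Chromium treat the rest of the line as one URL."""
    m = re.search(r"--single-argument\s+(\S+)", cmdline)
    if m:
        return m.group(1)
    m = re.search(r"https?://\S+", cmdline)  # bare URL passed as an argument
    return m.group(0) if m else None


def is_account_page(url):
    """Heuristic: sign-in or account-management pages of well-known services."""
    p = urlparse(url)
    host_label = p.netloc.lower().split(".")[0]
    path = p.path.lower()
    return host_label in ACCOUNT_HOST_LABELS or any(h in path for h in ACCOUNT_PATH_HINTS)


def find_lure_launches(wpm_text, processes):
    """Flag browser processes whose parent is neither a browser nor a trusted
    launcher and whose command line carries a URL."""
    hits = []
    for child, parent in parse_wpm_rows(wpm_text).items():
        child_img, child_cmd = processes.get(child, ("", ""))
        parent_img = processes.get(parent, ("", ""))[0]
        if child_img.lower() not in BROWSERS:
            continue
        if parent_img.lower() in BROWSERS | TRUSTED_LAUNCHERS:
            continue  # Chromium bootstrapping its own helpers, or a known launcher
        url = launched_url(child_cmd)
        if url is None:
            continue
        hits.append({"parent_pid": parent, "parent_image": parent_img,
                     "child_pid": child, "url": url,
                     "account_page": is_account_page(url)})
    return sorted(hits, key=lambda h: h["child_pid"])


if __name__ == "__main__":
    for h in find_lure_launches(WPM_ROWS, PROCESSES):
        kind = "ACCOUNT PAGE" if h["account_page"] else "url"
        print(f'{h["parent_image"]} ({h["parent_pid"]}) -> msedge.exe ({h["child_pid"]}): {kind} {h["url"]}')
```

Run stand-alone it reports the three Edge launches from PID 1876, two of them onto account pages. The rule keys on the parent image rather than on the "Enumerates system info in registry" or "EnumeratesProcesses" signatures: msedge.exe reading SystemManufacturer/SystemProductName and enumerating processes is ordinary Chromium start-up behaviour and would fire on any Edge launch. What is distinctive in this report is an executable in %TEMP% opening YouTube's account page, Facebook and accounts.google.com in three separate Edge instances.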
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: b2a1398f937474c51a48b347387ee36a
  SHA1: 922a8567f09e68a04233e84e5919043034635949
  SHA256: 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512: 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c
- Filesize: 152B
  MD5: 1ac52e2503cc26baee4322f02f5b8d9c
  SHA1: 38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256: f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512: 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: acd218717d844257b0226691c045dcae
  SHA1: 818f21bea8352910d71769d29ec22eb19e48b5d9
  SHA256: 4eedaf3c602b18598a17dff4ece95bc6fd97530bda2ecfb8ec9d8ae5f1e6d9bc
  SHA512: edc3a8f66987c186191f94d25f69ca2a80eb55ee15972e46008fbcdb1b1e570d479e49f75f2f70f9a43c4ebf76055abcb1d063e9dcb26b7998ce52b6eee1a6c3
- Filesize: 1KB
  MD5: 0f1e9246415f15a12f874fb080dda944
  SHA1: 6dc73c401e2e4d9d0070b6193fd9e726a29cf133
  SHA256: 0e6558e2902681976d56d55943cc991602ba8c4b4074adf80b3d8d2cebea62ff
  SHA512: 0ecfa135af9044090983cd303c0d7ec88146ac3ac4ce082a34f8dfbd802da6ed4287221952be239e597da1c30e7c6db3a44e3aa0fcb00d228e25665a8f332722
- Filesize: 1KB
  MD5: cc79a09a26d2452df3504d598fd57f5d
  SHA1: 4a7dcc934668eb64b1029602e243d6d48eb5063f
  SHA256: 18796ba3464b6fca4a1d53f0d3bf716e237a37dec543d2e7dc46c594211e0a42
  SHA512: c24d7f8e0a9e8eae4afa3d22e80de2f64871b19b94758d7e1a8d75c38ac941aa044b8d40839396053e2712b97491a1777684cd4af1f586c32fcbcd3012844e7a
- Filesize: 5KB
  MD5: 691884ba3e33689285f4a030503bacc7
  SHA1: 581657d753a34f96c0baf8073d8373f27c5c1a00
  SHA256: 63e53493a811e87fde2f8c343cab79a26558bb0637fde1a8655541a072a9ef1e
  SHA512: c471e8815020d14ef7f078c2b97e8ba1deb661b58adf546835418185a2a4c4da26137ba7e10ea0d1e2734143919330277df4a0b7913a2176d52a554117a87542
- Filesize: 7KB
  MD5: 65a47a07c18528920b513302bddcd8a0
  SHA1: 0ed5f6cdba26cb8bbeb9567123841a4f45c6625e
  SHA256: 9091de23532a9d39434c191107e8c89ad0302f369a23ef26a43593d266d4d865
  SHA512: 1f6af55f5e17d70d3034076e11ca39c3739ba1206f8368bbb8ba243de87dcd7dc81650a6db28b5c1f5ff69f66c9a55c3a6bfd0d2767906bff451f2e58525ffe0
- Filesize: 539B
  MD5: 0c9e166a4c9953864acba013d71451ea
  SHA1: d2fb1cd4becd17d580ee823b39dab41951e37005
  SHA256: 94b956d46d1447054ad82b786b933fcdbf17cdbad1ed8d4f14c41c0a2e71af1e
  SHA512: 884e1d63887b46e88df79f4b2470cd520973b33dc0fa0b0d0b23c13646c50d913f1586258ab66dad84816f9ff34820fcfedbf81112fcd8755c4c1cda1acb58ba
- Filesize: 539B
  MD5: 650bdaf0a5841ec40c964b3b8799c7ff
  SHA1: d1ece85e5046635c179ef65ade4314c7ac6131b5
  SHA256: 8896e34ac6c9ca171fe36d8c9f5d21f664915c5029d2b880e7e01f349c9b9fdf
  SHA512: 62fd12be93ed50fe042a8046f81f690c746428b907e723aa37eaa6fd70b2321bd7e651aaf290dfcbc3e82f0ed6ec5cd2049554e2b5d5c84f15e229180ee2df6d
- Filesize: 539B
  MD5: f34a840017f7ca793b5161b511bd08d6
  SHA1: d18428cd11f29aa426010e13b1a2291d153dcbc2
  SHA256: 75b09f7502407ca96bbecd912733108453b8df182f089a50377934d0c6e40478
  SHA512: 0da588f8114ca9165b5d3f7c059551d62340f3714fe2b531358a92680a1a66f400bc8af280a02bf2dfbd219348c3149bb8fa1d90e8263ec19e0371b745f1f353
- Filesize: 539B
  MD5: 4db94b301b9077f47f480baf9cc22c66
  SHA1: 02eb4bec906ba8f42a14b414b2796eadc39fcd2b
  SHA256: fa9b431866d877a27fc7b131572f41e4e1286543e84487e5d840bb4b9ba45c8e
  SHA512: d0d55ef5a40e5fc5aa3edc29dc98b09a62533d8ad9dd3b6b407bdba3123bba11360990ed480d93f56dae245ea9bcc84e7d3c15bd1e10b38a62508c7358390a92
- Filesize: 539B
  MD5: 9d8dda51359b77db9527cf95a82d82b9
  SHA1: da9639e70bee463c34d992e4a8acce449440ecd6
  SHA256: 5ae8a3ec889e95c9024f97cbef9cfb97c21bfd05bad281d90383496741dd7f0f
  SHA512: d069526a7e867b9dc3f9781e3fa53c2c25f099eb44a105972e172876fc544ccdfa3fbae2d48b74dd712355e4e7e7e966b7d0ded3da73958bcbb630153d3cca7a
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: a5027c09964587629d1a30031e815f0a
  SHA1: 927aa4c08db77d72211c168a1cdff1df9e0ddeda
  SHA256: 76dbeb07f91496cdf97e93b7a62b8105b84abacee353d0cf171c6ef1230b81b0
  SHA512: 852bd8ea07fead79500afe386cc820238bbbc5b3498c60f1617b57497d85c090c7955b1ecf010c5bbef83aec97f212f299999fe6a4e2fcda567fb177a66272cc
- Filesize: 8KB
  MD5: 057fac2860ea84ba6928356d8cbae4d0
  SHA1: 9305dc11bb3bccf9af87a5000926f439d19525f5
  SHA256: 38170ad4acda4c62a943971bc7caf1403802c56434d3c0b0337a006a81875ca1
  SHA512: 5e85b34bed5cad001886d71cc10b9e5eb8cf51bb0f40155a05a4e480dff2bbd8077afe8b712936135e83e3e63727efe3eee77b922201f4183adb574f0925a8ca
- Filesize: 8KB
  MD5: 06bb283abc4b4d1978b42c17d7bfee1a
  SHA1: c917cde074491aa8d879f78609785bacf7ed43d4
  SHA256: 4978cecd0956dd30fc01e47a67def8d8e14ad5c0a79eaaa0c8a3f5bc827cfe8a
  SHA512: f76e2b7997a36d0bc15812c3d8e695b7fae13d175abc009d91feb1687060bd5256fe44427588ec31a2dc932fc70ef66c3a5a31b5636f20c3fe5bb5b0db09ae68