Overview
overview
7Static
static
3GDLauncher...64.exe
windows10-1703-x64
7$PLUGINSDI...er.dll
windows10-1703-x64
1$PLUGINSDI...ls.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3$PLUGINSDI...ll.dll
windows10-1703-x64
3$PLUGINSDIR/app-64.7z
windows10-1703-x64
3GDLauncher.exe
windows10-1703-x64
7LICENSE.electron.txt
windows10-1703-x64
1LICENSES.c...m.html
windows10-1703-x64
4chrome_100...nt.pak
windows10-1703-x64
3chrome_200...nt.pak
windows10-1703-x64
3icudtl.dat
windows10-1703-x64
3locales/af.pak
windows10-1703-x64
3locales/am.pak
windows10-1703-x64
3locales/ar.pak
windows10-1703-x64
3locales/bg.pak
windows10-1703-x64
3locales/bn.pak
windows10-1703-x64
3locales/ca.pak
windows10-1703-x64
3owutility.dll
windows10-1703-x64
1resources/...li.exe
windows10-1703-x64
1resources/...le.exe
windows10-1703-x64
5resources/elevate.exe
windows10-1703-x64
1vk_swiftshader.dll
windows10-1703-x64
1vulkan-1.dll
windows10-1703-x64
1$PLUGINSDI...ec.dll
windows10-1703-x64
3$PLUGINSDI...7z.dll
windows10-1703-x64
3$R0/Uninst...er.exe
windows10-1703-x64
4$PLUGINSDIR/INetC.dll
windows10-1703-x64
3$PLUGINSDI...ls.dll
windows10-1703-x64
3$PLUGINSDI...em.dll
windows10-1703-x64
3$PLUGINSDI...ll.dll
windows10-1703-x64
3$PLUGINSDI...ec.dll
windows10-1703-x64
3Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-1703_x64 -
resource
win10-20240404-es -
resource tags
arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows -
submitted
05-06-2024 18:56
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
GDLauncher__2.0.9__win__x64.exe
Resource
win10-20240404-es
windows10-1703-x64
12 signatures
150 seconds
Behavioral task
behavioral2
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10-20240404-es
windows10-1703-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
$PLUGINSDIR/app-64.7z
Resource
win10-20240404-es
windows10-1703-x64
1 signatures
150 seconds
Behavioral task
behavioral7
Sample
GDLauncher.exe
Resource
win10-20240404-es
windows10-1703-x64
12 signatures
150 seconds
Behavioral task
behavioral8
Sample
LICENSE.electron.txt
Resource
win10-20240404-es
windows10-1703-x64
1 signatures
150 seconds
Behavioral task
behavioral9
Sample
LICENSES.chromium.html
Resource
win10-20240404-es
windows10-1703-x64
7 signatures
150 seconds
Behavioral task
behavioral10
Sample
chrome_100_percent.pak
Resource
win10-20240404-es
windows10-1703-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
chrome_200_percent.pak
Resource
win10-20240404-es
windows10-1703-x64
1 signatures
150 seconds
Behavioral task
behavioral12
Sample
icudtl.dat
Resource
win10-20240404-es
windows10-1703-x64
1 signatures
150 seconds
Behavioral task
behavioral13
Sample
locales/af.pak
Resource
win10-20240404-es
windows10-1703-x64
1 signatures
150 seconds
Behavioral task
behavioral14
Sample
locales/am.pak
Resource
win10-20240404-es
windows10-1703-x64
3 signatures
150 seconds
Behavioral task
behavioral15
Sample
locales/ar.pak
Resource
win10-20240404-es
windows10-1703-x64
3 signatures
150 seconds
Behavioral task
behavioral16
Sample
locales/bg.pak
Resource
win10-20240404-es
windows10-1703-x64
3 signatures
150 seconds
Behavioral task
behavioral17
Sample
locales/bn.pak
Resource
win10-20240404-es
windows10-1703-x64
1 signatures
150 seconds
Behavioral task
behavioral18
Sample
locales/ca.pak
Resource
win10-20240404-es
windows10-1703-x64
1 signatures
150 seconds
Behavioral task
behavioral19
Sample
owutility.dll
Resource
win10-20240404-es
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
resources/app.asar.unpacked/node_modules/@sentry/cli-win32-x64/bin/sentry-cli.exe
Resource
win10-20240404-es
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
resources/binaries/core_module.exe
Resource
win10-20240404-es
windows10-1703-x64
1 signatures
150 seconds
Behavioral task
behavioral22
Sample
resources/elevate.exe
Resource
win10-20240404-es
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral23
Sample
vk_swiftshader.dll
Resource
win10-20240404-es
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral24
Sample
vulkan-1.dll
Resource
win10-20240404-es
windows10-1703-x64
0 signatures
150 seconds
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsis7z.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral27
Sample
$R0/Uninstall GDLauncher.exe
Resource
win10-20240404-es
windows10-1703-x64
4 signatures
150 seconds
Behavioral task
behavioral28
Sample
$PLUGINSDIR/INetC.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral29
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral30
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral31
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10-20240404-es
windows10-1703-x64
2 signatures
150 seconds
General
-
Target
LICENSES.chromium.html
-
Size
8.7MB
-
MD5
fcb299831276a7c8bdeb036142da1c25
-
SHA1
bf6990abb92ab627b7f2e7aecbd5a58b86d2e09a
-
SHA256
6daa3cd398e5380222c6b6bdb4d66a4b4273d4bb74d6bf53495a5722f03ac0dc
-
SHA512
1e31ac0b6836d24488e32d04b5028ac2a9e00ebd8e29aaf742d9e0cdb50d5a9d4f7bcc3919b22a793552d31aaed2104415268f14e903754bf25a86510fbc98c9
-
SSDEEP
24576:RQQa6NA6P5dWWSmwRFXe1vmfpV6k626D6b62vCuApj:RWfTF0
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 4 IoCs
description ioc Process File created C:\Windows\rescache\_merged\3720402701\1568373884.pri MicrosoftEdge.exe File opened for modification C:\Windows\Debug\ESE.TXT MicrosoftEdge.exe File created C:\Windows\rescache\_merged\3720402701\1568373884.pri MicrosoftEdgeCP.exe File created C:\Windows\rescache\_merged\3720402701\1568373884.pri MicrosoftEdgeCP.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main browser_broker.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main MicrosoftEdgeCP.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{96CB5394-F07A-459B-A1DB-05CBC995AE45} = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3 MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "424429454" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\MrtCache MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 17b701ff7eb7da01 MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 5053780d7fb7da01 MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" MicrosoftEdgeCP.exe -
Suspicious behavior: MapViewOfSection 3 IoCs
pid Process 1364 MicrosoftEdgeCP.exe 1364 MicrosoftEdgeCP.exe 1364 MicrosoftEdgeCP.exe -
Suspicious use of AdjustPrivilegeToken 8 IoCs
description pid Process Token: SeDebugPrivilege 4420 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4420 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4420 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4420 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4424 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4424 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4424 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4424 MicrosoftEdgeCP.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 4640 MicrosoftEdge.exe 1364 MicrosoftEdgeCP.exe 4420 MicrosoftEdgeCP.exe 1364 MicrosoftEdgeCP.exe -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1364 wrote to memory of 4424 1364 MicrosoftEdgeCP.exe 78 PID 1364 wrote to memory of 4424 1364 MicrosoftEdgeCP.exe 78 PID 1364 wrote to memory of 4424 1364 MicrosoftEdgeCP.exe 78 PID 1364 wrote to memory of 4424 1364 MicrosoftEdgeCP.exe 78
Processes
-
C:\Windows\system32\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html"1⤵PID:4160
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4640
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:2816
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1364
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4420
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4424
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:1424
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:864
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GPU367N5\suggestions[1].es-ES
Filesize18KB
MD5e2749896090665aeb9b29bce1a591a75
SHA159e05283e04c6c0252d2b75d5141ba62d73e9df9
SHA256d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7
SHA512c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5