Overview

overview

10

Static

static

10

2360-124-0...ry.exe

windows7-x64

1

2360-124-0...ry.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-06-2024 14:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2360-124-0x0000000000D30000-0x0000000000D38000-memory.exe

  • Size

    32KB

  • MD5

    da45bdc16aac003841ecef0f18215d96

  • SHA1

    2a4d03c2b550aa0ad28847e4115eb8f6d09e517d

  • SHA256

    5037f2ad274884591abaf27fe66bc5c6700d2c9661fc4c246a6acd9eef758c09

  • SHA512

    dbc12cfc20d0a63b20e14c42274eb4e2288d415793bd8aa5f8a1183abdd29e501ff0fac4e207b8e29862cb2c82ef719e327882d8a6b3b8b961c75476652f6e3d

  • SSDEEP

    96:pfirqeli5O5+tFrYeVY4KtzPptdnK7rzxYT5y4fyQdy8yJzNt:pfjeg5c+tZlVY4UzxLurs83Qgrr

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2360-124-0x0000000000D30000-0x0000000000D38000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\2360-124-0x0000000000D30000-0x0000000000D38000-memory.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2360-124-0x0000000000D30000-0x0000000000D38000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3460
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8443c46f8,0x7ff8443c4708,0x7ff8443c4718
        3⤵
          PID:4296
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
          3⤵
            PID:4012
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1504
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
            3⤵
              PID:4808
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
              3⤵
                PID:3240
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
                3⤵
                  PID:1468
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
                  3⤵
                    PID:3788
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
                    3⤵
                      PID:4320
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2716
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                      3⤵
                        PID:3548
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
                        3⤵
                          PID:3208
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
                          3⤵
                            PID:460
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
                            3⤵
                              PID:1044
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
                              3⤵
                                PID:2596
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                                3⤵
                                  PID:3220
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2617533519343900125,13029252261376586452,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4688 /prefetch:2
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3772
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2360-124-0x0000000000D30000-0x0000000000D38000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                                2⤵
                                  PID:4804
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8443c46f8,0x7ff8443c4708,0x7ff8443c4718
                                    3⤵
                                      PID:3440
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3612
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:5024

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      ae54e9db2e89f2c54da8cc0bfcbd26bd

                                      SHA1

                                      a88af6c673609ecbc51a1a60dfbc8577830d2b5d

                                      SHA256

                                      5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

                                      SHA512

                                      e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      f53207a5ca2ef5c7e976cbb3cb26d870

                                      SHA1

                                      49a8cc44f53da77bb3dfb36fc7676ed54675db43

                                      SHA256

                                      19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

                                      SHA512

                                      be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      264B

                                      MD5

                                      ab05bf6df5cd9c6a6d7ff429e35cb653

                                      SHA1

                                      9906b938a0847237d94f6ded0bbfded8ffee7972

                                      SHA256

                                      adcdcdc1015f64d0ef7b00de3a44f9b61ea45eaf547551bbe7e2191099ff9c2d

                                      SHA512

                                      9cb16f91767d218435bceb38505aa7b270a1783aa3c2e8ea0b93599cc1fe82c2be6dbe7fbc8ff9e8c6636e37f863178e345635da068b6c0de9de90e22090672f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      437B

                                      MD5

                                      05592d6b429a6209d372dba7629ce97c

                                      SHA1

                                      b4d45e956e3ec9651d4e1e045b887c7ccbdde326

                                      SHA256

                                      3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

                                      SHA512

                                      caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      210a03e9bd5f544535660e1dc26dc5c9

                                      SHA1

                                      e6fbce95c1ff6439da9b50234214cf10efee44f6

                                      SHA256

                                      87853afcc4d6f73ab6f8f8719f4d3abc2b6c57005fe28dbdc0a9fc7c928678d0

                                      SHA512

                                      779bbb2f21b8a6015e9f8830d4df526c1428a4c53208eda8aca8b714bf5b3a964626ceaa59b3f0189e68abb8e74f74509c9c938c68585742d7d3e0c2feb80d59

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      e0efd437b60a71da63586e0c4e430226

                                      SHA1

                                      cee3f0910af91d9c521d17de25a488d96add22c5

                                      SHA256

                                      bc071c9c069b0925e9a2af61739bab7b5304a9f3975072b2f2004e166f8daf54

                                      SHA512

                                      b99fe2fc333f95e074652ecd5646217a48de46ba783ed9f9603c4d1c40605a2eeed9b840cac617161a1fd7fd36bbf507df0b825857bd77e87127b1c5f34dd59b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      ee0fb6af239625c021569946b9e5143c

                                      SHA1

                                      c997c1930139f4630749330c3aaa74f9441ce88d

                                      SHA256

                                      46b676e527a0acdc0530338a95a0721358c8e3e647922fcfff340fd3dc30374d

                                      SHA512

                                      55d75ece431b86d32545cb0d5766fcb8210c01d496edbf31d96a44ecddf0e6f03b70be17bdb91580214444dbfc5cded4367ae2e960bb58afc8ae27b9ded12ea3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      371B

                                      MD5

                                      31db240480d04ba05f5c4b01e8a18d80

                                      SHA1

                                      0af8a8a9474bb10273eacb843b1cd11a82da77f6

                                      SHA256

                                      075ba5585811aecb88d4c3621cd5360d8425c32e2446426c480da7e302b5a4cd

                                      SHA512

                                      e710ff4ce511c6d21488ef7a5cffb2c2aa3856680131c825d1b6e7aff16d88ecc2eaaf6e5b99e8bd70e4f6cb61e03d559ec72c34c791e917d59d343da10a49c3

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a6a0.TMP
                                      Filesize

                                      371B

                                      MD5

                                      a3ec88ee9b0aa1e8736ec8b3a05ebd6a

                                      SHA1

                                      062adbe9518ffdaec63df39b9506e49337d41be4

                                      SHA256

                                      b4481de1b726cf5548bfebba4aac0d3457465ae0ab2737119ff7a1556ac73cc0

                                      SHA512

                                      61f4fcb81d71480baf4124909fcdede536943f21140dc74016dd0152f0a4c63725dca9b3d094b86b11d6c99437d64eede9c7fb74380b59cac26d6aa64704d7e0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      d1ba1a00fd17d6c1e953564f2c5bd25c

                                      SHA1

                                      6bb6cf9d28c8cba6791b324e9394087fb07644f6

                                      SHA256

                                      1c35e3f944a47b0fdf0a6b0ebca3188676166b0dc96b5b51d40c5c35eba2ee01

                                      SHA512

                                      c1ab471b8bb6504bc87f1b0f6edf4bc4367e057778b84d50a629d8fcb02bf628968e52147996b153e9c14284fe6bbd51fb22e27a0c95d4ffe1785048a045886e

                                      Download Submit