Overview

overview

6

Static

static

1

7b1d76e8b0...78.exe

windows7-x64

1

7b1d76e8b0...78.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/06/2024, 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7b1d76e8b0aad0c90ab0c3693743db2c7dde5bd7d1d4ebd133bded94e5c7d578.exe

  • Size

    26.4MB

  • MD5

    070bd67c1f46c01725f32f6fca170cd3

  • SHA1

    9de1cfa0b02f2685a90f6836c4bf8e19a30c64f6

  • SHA256

    7b1d76e8b0aad0c90ab0c3693743db2c7dde5bd7d1d4ebd133bded94e5c7d578

  • SHA512

    709d7f21320e766b2c35c4726f820ddf27190b555fa6f4d5e21a1c97630fe44bc768052d5d3557b4c5da423f0d50f75a7914c7c18c2208792b7899e4de125391

  • SSDEEP

    196608:WbcaEwssvzfv6YSjyuX4/V+kuuBn/VekuuBk:yhEwssvzfouH/V+kuuBn/VekuuBk

Score
6/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b1d76e8b0aad0c90ab0c3693743db2c7dde5bd7d1d4ebd133bded94e5c7d578.exe
    "C:\Users\Admin\AppData\Local\Temp\7b1d76e8b0aad0c90ab0c3693743db2c7dde5bd7d1d4ebd133bded94e5c7d578.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4848
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.AspNetCore.App&framework_version=6.0.0&arch=x64&rid=win-x64&os=win10&gui=true
      2⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff1e0e46f8,0x7fff1e0e4708,0x7fff1e0e4718
        3⤵
          PID:1092
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
          3⤵
            PID:220
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2988
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
            3⤵
              PID:2004
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
              3⤵
                PID:2316
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
                3⤵
                  PID:4472
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
                  3⤵
                    PID:1700
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5280 /prefetch:8
                    3⤵
                      PID:4160
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                      3⤵
                        PID:4716
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 /prefetch:8
                        3⤵
                          PID:4912
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
                          3⤵
                            PID:4316
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
                            3⤵
                              PID:840
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
                              3⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2504
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
                              3⤵
                                PID:412
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
                                3⤵
                                  PID:860
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
                                  3⤵
                                    PID:3640
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
                                    3⤵
                                      PID:3880
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17817431738551934518,14725926712407443062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 /prefetch:2
                                      3⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:6112
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3108
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:376

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      537815e7cc5c694912ac0308147852e4

                                      SHA1

                                      2ccdd9d9dc637db5462fe8119c0df261146c363c

                                      SHA256

                                      b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

                                      SHA512

                                      63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      8b167567021ccb1a9fdf073fa9112ef0

                                      SHA1

                                      3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

                                      SHA256

                                      26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

                                      SHA512

                                      726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      408B

                                      MD5

                                      ee7fe06f973769369b8ca49cc82af252

                                      SHA1

                                      e9c0e0cceb72c510e1fc148ed9ddcd069de2d610

                                      SHA256

                                      ebfaca9d046f404b89001121c44945fd5fd2a760e61b81f06aa403d4567b6d5c

                                      SHA512

                                      a0be1a75ed207cbe5a6260ba041f9fc25b7e391c046f21e406a663cd8ffcef9e46b0d9293c323b93f4b578082d7ea5c00aaa0d36da96d83f25e816ee6482c4d2

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      1002B

                                      MD5

                                      0dcec015c95967f037dac34292fa9310

                                      SHA1

                                      589b66f65269239161fe5470bb8066993a393e55

                                      SHA256

                                      df947616e5b27d1cabe95bc05206340e962bb2a0fed58e163b3279ac5c41776f

                                      SHA512

                                      61d8d020144e5d8a8c8c48e5baa2609fe071253b124cd6642a0b5c5e2ae63391f75e40970c4e870d23f2b7a4c3cf2ed9ab9f4eae5957d13a3e250598771e83f9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      902B

                                      MD5

                                      46a4922a2e90827b2c1f15769e37d048

                                      SHA1

                                      ea2bc27c1751d1a4f779d75beffd6478d5184439

                                      SHA256

                                      333d6f474579ff820af6b5fc06d40793ae09a876074b06f5ad33ce2a29792825

                                      SHA512

                                      e75cce3a501bb684e367cf5ed8edae3a975334df66615e79005102e89f44cb8b2e7bc65ed5d2e5a61db5e35c8470f7dde663b665c34148015d12880f2cc53cba

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      763137e0c0c5088f69af3be58a46fe53

                                      SHA1

                                      1473e236e1d5fb679a99e63cdfded7777923ee6c

                                      SHA256

                                      56d6b25f215e84f7b6747303e4ba6868a16735b051933c10709f5fc2035d43c0

                                      SHA512

                                      9cb102336843b697dcc4b0fa8add1f32bf2c52263b7932579b5c2f01c6dcf95e625d4ebd14ac768ee3142ee3d3dda4e38be5e988f667da1e4d5cc0445c36fa70

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      0df564a7087556fd8532ce1530144107

                                      SHA1

                                      745d277aa39bb534677b4acd0a1916a5b123b1df

                                      SHA256

                                      5b89b9e49b19fdf6faf08aae53c5279cceca08d19247be585cc513ec0505b3ca

                                      SHA512

                                      5d53283b2e9a30de094a82f00f681e0d4fdc61eefe1fac46ac3bd4f6db62366413e6f93debaf5c4d9655981bfe6c9531fc55d4363f84efeda3574d12e5dd1776

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      707B

                                      MD5

                                      2e1b3cbc14f80fbe22a1718c305b5551

                                      SHA1

                                      bed4985b1fe6ad0782d664d008c6cd407c85bc42

                                      SHA256

                                      712212f2545eefefb5526d20b806c3d5f78a65a3db89108bb22fc8f90023d6e0

                                      SHA512

                                      ac9227c11bb563ffbbddd7a1f12d802707ce0ca3a32323db08e3c668a9eb692f587ab809452f06702cfdafc33d1bc7494f5193e4000219bdda9d4a06aed2d112

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ca9e.TMP
                                      Filesize

                                      539B

                                      MD5

                                      fa27a876db6fccb0f217261c07a098e1

                                      SHA1

                                      6ff3a4e52e5c03039d27ed67eafeaeb291e6400a

                                      SHA256

                                      6bccae23cbf5c87374b8d5ced3aa48998900d1c9a2dd63a9227af406f70d2b6a

                                      SHA512

                                      72a16264062ef40c00bdb30c4d2ab6ceceba6442f920112fa7e402f84a94215a491962bdf0400a3201c0578c716641b5a0fdcff7c24a877642e6ff43e00f3bc8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      e463abde0325d7eff69430b588edd924

                                      SHA1

                                      7c64efa3cd1845ca9fe8b82f6cdbdda4c44a8cdf

                                      SHA256

                                      9b4d54c7d8d1c6760688e7d03dfa214e6057b68b85f300b70dfae156a6f20073

                                      SHA512

                                      320fff9083845e9db5e76bfcb0d59041c72902b42eec2e95560cbcd72449b77341b823503b2740b13566a42c7125aae46e24b978d2d3cdc481b1eebecaf40a62

                                      Download Submit

                                    • C:\Users\Admin\Downloads\Unconfirmed 721440.crdownload
                                      Filesize

                                      8.6MB

                                      MD5

                                      014bbe58a3b0e20d8c4259d958fba76d

                                      SHA1

                                      e96072faad8160241166f998db5a469d102cdb9a

                                      SHA256

                                      368e52bcb6787aab1895b7e0300ed028dcdd6d02bef7f83ab79c9e26cf2c1fcf

                                      SHA512

                                      a4c657a448f361d3bc915e9ec4dc01e9fee60a3ead14ef7d7fb5fcdcde02aaf339127ddae2c918b7de74646c99c6802fbe291d632d893a9e5db35d0421998663

                                      Download Submit