Analysis Overview
SHA256
5717c1e68860552f27d4716b5df35386b6cd926cf86cdb08f4011d567be16d7b
Threat Level: Likely benign
The file LDPlayer64_ru_1297_ld.exe was found to be: Likely benign.
Malicious Activity Summary
Enumerates physical storage devices
Enumerates system info in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-11 21:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 21:06
Reported
2024-06-11 21:07
Platform
win10v2004-20240508-en
Max time kernel
53s
Max time network
54s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4496 wrote to memory of 1688 | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer64_ru_1297_ld.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
| PID 4496 wrote to memory of 1688 | N/A | C:\Users\Admin\AppData\Local\Temp\LDPlayer64_ru_1297_ld.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
| PID 2532 wrote to memory of 3212 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
| PID 2532 wrote to memory of 3212 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\LDPlayer64_ru_1297_ld.exe
"C:\Users\Admin\AppData\Local\Temp\LDPlayer64_ru_1297_ld.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4308,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://encdn.ldmnq.com/download/package/LDPlayer64.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4144,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3732,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5064,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5540,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5460,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5632,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5264,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x238,0x23c,0x240,0x234,0x2b4,0x7fff0ec5ceb8,0x7fff0ec5cec4,0x7fff0ec5ced0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,17294130290786860285,3281524011058668186,262144 --variations-seed-version --mojo-platform-channel-handle=2008 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2228,i,17294130290786860285,3281524011058668186,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1968,i,17294130290786860285,3281524011058668186,262144 --variations-seed-version --mojo-platform-channel-handle=3360 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | encdn.ldmnq.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | middledata.ldplayer.net | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f67e4da58070d8c2fdd1b99bff826a82 |
| SHA1 | 718129038870d4d336efa18bcefab4f1a960c249 |
| SHA256 | ef2ab1812231f9f2fbdfeae934d8e7d9c2e4131030f48355ae8087dc75a5e26e |
| SHA512 | 343a4a6473e0f930830881d0b8ff4c0064ecaab6b2a3b6778437660df9facf0a64f0b05f008dc2f565e6c3ad2ad2361f0b2fe7526f51ac99ae7370e19db6333d |