Analysis
max time kernel: 2251s
max time network: 2689s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/06/2024, 14:49
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip
Resource: win10v2004-20240611-en
General
Target: https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 6 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
Modifies data under HKEY_USERS (1 IoC)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
Modifies registry class (1 IoC)
- Key created: \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings (chrome.exe)
Suspicious behavior: EnumeratesProcesses (8 IoCs)
- PID 640 chrome.exe
- PID 640 chrome.exe
- PID 3368 msedge.exe
- PID 3368 msedge.exe
- PID 3372 msedge.exe
- PID 3372 msedge.exe
- PID 1768 identity_helper.exe
- PID 1768 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
- PID 640 chrome.exe
- PID 640 chrome.exe
- PID 3372 msedge.exe
- PID 3372 msedge.exe
- PID 3372 msedge.exe
- PID 3372 msedge.exe
- PID 3372 msedge.exe
- PID 3372 msedge.exe
Suspicious use of AdjustPrivilegeToken (62 IoCs)
Suspicious use of FindShellTrayWindow (63 IoCs)
Suspicious use of SendNotifyMessage (48 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe (PID 640)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4700)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80afcab58,0x7ff80afcab68,0x7ff80afcab78
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2900)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:2
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5060)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4104)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4508)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4856)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:1
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4128)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2996)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 992)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4884)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (PID 5112)
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Windows\System32\rundll32.exe (PID 848)
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3372)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3276)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffffbe546f8,0x7ffffbe54708,0x7ffffbe54718
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3768)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3368)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 452)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1052)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2248)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 652)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1588)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4508)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1768)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1716)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4584)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2656)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5480 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe (PID 4272)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID 5060)
    C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\cmd.exe (PID 2764)
    "C:\Windows\System32\cmd.exe"
  C:\Users\Admin\Desktop\xmrig-6.21.3\xmrig.exe (PID 1360)
      xmrig.exe -o pool.hashvault.pro:443 -u 46d7gtNUPbDXfJ8BGdfQjYhaXDU1akbwCGST4hNmj2F4661WXFsZ5myKAm5r46TMZmJ2cFURrAWaiSJh4W9wqzEd5REPnzB -p Linux -k --tls
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
C:\Windows\system32\rundll32.exe (PID 1728)
    C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
Network
MITRE ATT&CK Enterprise v15
Downloads