700b9b6cf27...f7.exe
windows11-21h2-x64
105500734fe...81.exe
windows11-21h2-x64
0b75e2fadf...c5.exe
windows11-21h2-x64
80d5fa75218...64.exe
windows11-21h2-x64
101760c5727e...9c.exe
windows11-21h2-x64
71fe99fb7c5...81.exe
windows11-21h2-x64
72336173567...98.exe
windows11-21h2-x64
72522b83852...03.exe
windows11-21h2-x64
72af6bc16f2...b2.exe
windows11-21h2-x64
73d9f9c162e...64.exe
windows11-21h2-x64
73db846a796...e5.exe
windows11-21h2-x64
7493813116f...dc.exe
windows11-21h2-x64
74d61a61265...08.exe
windows11-21h2-x64
7510827ce68...c5.exe
windows11-21h2-x64
75642f8bd3b...2a.exe
windows11-21h2-x64
76c37d14d5a...4c.exe
windows11-21h2-x64
76c3c9af653...c3.exe
windows11-21h2-x64
777186e57b2...20.exe
windows11-21h2-x64
77bca70a81c...61.exe
windows11-21h2-x64
78e934dcd46...88.exe
windows11-21h2-x64
79a75c8e353...60.exe
windows11-21h2-x64
79e067453f0...f3.exe
windows11-21h2-x64
7a9a89ed0d1...0f.exe
windows11-21h2-x64
7b4ab8f5c8b...95.exe
windows11-21h2-x64
7c034313090...ef.exe
windows11-21h2-x64
8c45a330cf8...24.exe
windows11-21h2-x64
7d42fc4dabd...06.exe
windows11-21h2-x64
7d66f6565e9...91.exe
windows11-21h2-x64
7e16d377c12...36.exe
windows11-21h2-x64
7e302f733d4...02.exe
windows11-21h2-x64
7fe3b2cf08a...d5.exe
windows11-21h2-x64
7fff0ccf5fe...51.exe
windows11-21h2-x64
7Resubmissions
21-08-2024 19:30
240821-x76q3sweqg 1021-08-2024 17:42
240821-v92h2avgpj 1012-06-2024 16:01
240612-tgps4a1bqh 10Analysis
-
max time kernel
51s -
max time network
65s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
arch:x64 arch:x86 image:win11-20240611-en locale:en-us os:windows11-21h2-x64 system -
submitted
12-06-2024 16:01
Behavioral task
behavioral1
Sample
00b9b6cf27deeda8de99d1719ef724808afa92080026df8dd17159be8ea420f7.exe
Resource
win11-20240508-en
Behavioral task
behavioral2
Sample
05500734fe07ac2b5bc89aa12b090203c4b74851cb0d62bd388f27ec6d6caa81.exe
Resource
win11-20240508-en
Behavioral task
behavioral3
Sample
0b75e2fadffc45dff940e58f5b6f8d99832426bb880f432f98d853308b29c9c5.exe
Resource
win11-20240611-en
Behavioral task
behavioral4
Sample
0d5fa75218e5eb97fccbcf36d3bbd9cd77247260977f69c50deb29399ee0e464.exe
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
1760c5727e5568d3b18a1cbf0d50c311613699af8233c96fb3eee197f438ce9c.exe
Resource
win11-20240611-en
Behavioral task
behavioral6
Sample
1fe99fb7c527a90826896e695f23e712375358df3c7aa9163af6b96d872a9f81.exe
Resource
win11-20240508-en
Behavioral task
behavioral7
Sample
23361735678f37d77510b22306c727a987f84c87143bb0062f3d76413c36fc98.exe
Resource
win11-20240611-en
Behavioral task
behavioral8
Sample
2522b83852588bc0f7f620f9b4fe3a9337b9608be335d3958d190275f333df03.exe
Resource
win11-20240611-en
Behavioral task
behavioral9
Sample
2af6bc16f25822d6d2f1429bc15f3d47f6c0bcb026ba387249d173fc753919b2.exe
Resource
win11-20240508-en
Behavioral task
behavioral10
Sample
3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe
Resource
win11-20240611-en
Behavioral task
behavioral11
Sample
3db846a796caa001666df8f7cae709fff02f984711b0e70e0e79c457d631b4e5.exe
Resource
win11-20240419-en
Behavioral task
behavioral12
Sample
493813116f32ad6f455676cd54e32a2167ece845038202614cbb49e126f5afdc.exe
Resource
win11-20240508-en
Behavioral task
behavioral13
Sample
4d61a61265cdd942cff973609170529eaf19579b5d17e64deccbd6f6f1fdfa08.exe
Resource
win11-20240508-en
Behavioral task
behavioral14
Sample
510827ce687ad00545a1726c25a00f65e7d685b7dcd857fc6f11a0392feee5c5.exe
Resource
win11-20240508-en
Behavioral task
behavioral15
Sample
5642f8bd3bc151349ded1a3c160c037c26194c9da2b7ace5d8ca11cddb57612a.exe
Resource
win11-20240611-en
Behavioral task
behavioral16
Sample
6c37d14d5ad674e4c0fa8df0a999be6b27399936c9ff16f7fb30b802addb7b4c.exe
Resource
win11-20240611-en
Behavioral task
behavioral17
Sample
6c3c9af653a28977257ce971ed701b1b893cdf67d5c57baa44a9d76c28675dc3.exe
Resource
win11-20240611-en
Behavioral task
behavioral18
Sample
77186e57b2eeb3ed4b56cfe280d5eeea3155d9502217cda824600bc93d365320.exe
Resource
win11-20240508-en
Behavioral task
behavioral19
Sample
7bca70a81cc9e1067e99e313802a4cc095f79bbc3a1aa86b7b3b9eabf3748e61.exe
Resource
win11-20240611-en
Behavioral task
behavioral20
Sample
8e934dcd46eb57d42712d097deab6ce00ef1ce2db87d03f8d3d8e8c10da7e088.exe
Resource
win11-20240508-en
Behavioral task
behavioral21
Sample
9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060.exe
Resource
win11-20240508-en
Behavioral task
behavioral22
Sample
9e067453f09c5cbfa4c5a74fe3e70d7d8e66a25057e6c35240dce5a40ec31bf3.exe
Resource
win11-20240611-en
Behavioral task
behavioral23
Sample
a9a89ed0d139fbc436794f5d3a8e58c547247039d8c86767b1e2f2bce40e390f.exe
Resource
win11-20240611-en
Behavioral task
behavioral24
Sample
b4ab8f5c8b97307b328ba30fdefdbe4341c4e2c576729fdb5c7329d5b07bb695.exe
Resource
win11-20240611-en
Behavioral task
behavioral25
Sample
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe
Resource
win11-20240611-en
Behavioral task
behavioral26
Sample
c45a330cf80c33977658649596d4867301e928381c5fc37ec3edabfad2251324.exe
Resource
win11-20240419-en
Behavioral task
behavioral27
Sample
d42fc4dabd9a9e74156d1a856cb542ed2e0796d2d7c6b976c0ac5421a87f9806.exe
Resource
win11-20240508-en
Behavioral task
behavioral28
Sample
d66f6565e97f43030ff6fba9c9550894aad05affb66efaf561ec229d80b0a691.exe
Resource
win11-20240508-en
Behavioral task
behavioral29
Sample
e16d377c12b63acb694601b4bde36d61839054409e7fae1661fb051892d2ed36.exe
Resource
win11-20240611-en
Behavioral task
behavioral30
Sample
e302f733d4a31342a0c908055a6e59b3fd8f1ed3ce98750d00251e4f0efe6c02.exe
Resource
win11-20240611-en
Behavioral task
behavioral31
Sample
fe3b2cf08a6224a04194a6555b4593b0a7428cb1fe057c08776d09568fc58cd5.exe
Resource
win11-20240419-en
Behavioral task
behavioral32
Sample
fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151.exe
Resource
win11-20240611-en
General
-
Target
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe
-
Size
856KB
-
MD5
733766ff5495f04d82744291993eb69e
-
SHA1
2830778313fd7fccc6c8129d419b1757368078fd
-
SHA256
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef
-
SHA512
cf3bf548e743894888ba3ea191a289f09d9f36215e1306aa21e61f0ea81473eec6df01a6e7f05f9251ecb9cc71c654934a53d4916c4152bf8fa4a95119e98cf2
-
SSDEEP
12288:0zqKbHTadreUv6e2faqsW8lEsbjwepi8K2cE4b5wxH5/uek6JA6QfmpFiMtMv7u3:yPaFnCec8vj1p7pc5bQZ/uesmoqt7jF
Malware Config
Signatures
-
Sets DLL path for service in the registry 2 TTPs 1 IoCs
Processes:
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WindowsClientServerRunTimeSubsystem\Parameters\ServiceDll = "%SystemRoot%\\csrss.dll" c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe -
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects a file protected with ACProtect software.
Processes:
resource yara_rule C:\Windows\csrss.dll acprotect -
Loads dropped DLL 1 IoCs
Processes:
pid process 1368 -
Processes:
resource yara_rule behavioral25/memory/4452-0-0x0000000000350000-0x0000000000434000-memory.dmp upx behavioral25/memory/4452-24-0x0000000010000000-0x00000000100B8000-memory.dmp upx behavioral25/memory/4452-27-0x0000000010000000-0x00000000100B8000-memory.dmp upx behavioral25/memory/4452-28-0x0000000010000000-0x00000000100B8000-memory.dmp upx behavioral25/memory/4452-30-0x0000000010000000-0x00000000100B8000-memory.dmp upx behavioral25/memory/4452-29-0x0000000010000000-0x00000000100B8000-memory.dmp upx C:\Windows\csrss.dll upx behavioral25/memory/4452-34-0x0000000000350000-0x0000000000434000-memory.dmp upx -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system. The event recorded here is the raw disk device (\??\PhysicalDrive0) being opened for modification, which is consistent with an MBR write but does not by itself show what was written; confirming a bootkit requires comparing the first sector against a known-good copy.
Processes:
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exedescription ioc process File opened for modification \??\PhysicalDrive0 c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exepid process 4452 c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe -
Drops file in Windows directory 3 IoCs
Processes:
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exedescription ioc process File created \??\c:\windows\csrss.dll c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe File opened for modification \??\c:\windows\csrss.exe c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe File opened for modification \??\c:\windows\csrss.dll c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exepid process 1248 msedge.exe 1248 msedge.exe 988 msedge.exe 988 msedge.exe 1648 identity_helper.exe 1648 identity_helper.exe 2844 msedge.exe 2844 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
Processes:
msedge.exepid process 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exedescription pid process Token: SeSecurityPrivilege 4452 c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe Token: SeRestorePrivilege 4452 c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe Token: SeTakeOwnershipPrivilege 4452 c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
msedge.exepid process 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exepid process 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe 988 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exemsedge.exedescription pid process target process PID 4452 wrote to memory of 988 4452 c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe msedge.exe PID 4452 wrote to memory of 988 4452 c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe msedge.exe PID 988 wrote to memory of 4304 988 msedge.exe msedge.exe PID 988 wrote to memory of 4304 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory 
of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1152 988 msedge.exe msedge.exe PID 988 wrote to memory of 1248 988 msedge.exe msedge.exe PID 988 wrote to memory of 1248 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe PID 988 wrote to memory of 3020 988 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe"C:\Users\Admin\AppData\Local\Temp\c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe"1⤵
- Sets DLL path for service in the registry
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4452 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gusanito.com/esp/tarjetas/postales/buenos_deseos/excelente_dia/9742⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:988 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc778b3cb8,0x7ffc778b3cc8,0x7ffc778b3cd83⤵PID:4304
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:23⤵PID:1152
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1248 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:83⤵PID:3020
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:13⤵PID:1884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:13⤵PID:2604
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:13⤵PID:3852
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:13⤵PID:1208
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:1648 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:2844 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:13⤵PID:4880
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:13⤵PID:3844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:13⤵PID:2736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,10536338290697686440,15481697426209226525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:13⤵PID:4320
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3000
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1744
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD52dfecbb576ee9795c5284da8a2a3c7f5
SHA1f1f0a6a97850aca2b4ab267a017564af02f24948
SHA256dca6901942fa748fc01339192c0738a06847d8497c9c61298f1e5df1f8352fb0
SHA512d664cc261113427810dd0b2d32763ddd08611a528fe6b285782d6b8ac03304b72a90fe7f3f7142e825ab8d948d5c9cf52f420546f3796b2ac23f3d00f3c17389
-
Filesize
152B
MD56486ee9e961a437dadb68ff1544d18a8
SHA105f4daccca0bc1ce73fe71ad2325ba5dadd3df25
SHA2569a98b4686c9e90672a548c873943b3027fb111f7992263111d912318429f5834
SHA512ee3659f68a46f37f340f98b85a7aa289e700c5ced2a4f0104673bb5f18cc82d1e9b838ec0278407213c6ed2073998e7aad78a7a39390b7e460c8e26dfa91d0e9
-
Filesize
5KB
MD555497ae7add1841f4511d33c549a848c
SHA1b9ea59e5389bd471fde4fd9c3ed18a7ea4fd0489
SHA2569e8400a83fad8741d1b60217993902dbfb87a8f2dad03a8f7325942cc2234874
SHA5127487f0ba05a7ba19a459e77ebf23571c0e022ebca250e0b3b699674c6d3dea9faa5e67d63c1b5a2f4b8d3abec31e2472658620c5e4e21e53138d76e050f5769c
-
Filesize
5KB
MD5c5c596f1adcf7715c4f329da771cceb5
SHA1b668cca0308d6a898d7de26644d878201161321c
SHA256cc37e42650c3293e2f3a233e5fe5cb74634cd3bf1e39e2c05cf42e7c12709d12
SHA512f00e98891280ee99639648d6f907ad56142848c8cb846db470f8c11d17a0319d02c72f3539c4dfed72b53907f408c36d3bde1c1fba5e7a6f1bc0215c7207a528
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
11KB
MD5a21537a546206faeabcbf29335545bd6
SHA12e275dc6b5e6423111c7047e53f737711cdcf74c
SHA25697f6996b9838ec424a0c73e82331adf83947c882ea9fe6dd4e624fce72a6e0e3
SHA51226d5ff44e53051d0fb177b324934f0f4692173f92c6007d9ecc5e46148e441a30f5b8d8b2b8d3405f046c5da80026861c013fdbde144cd95f5704498d9318d33
-
Filesize
11KB
MD59c7d4b9d13439478c2adcea9d9bc8cc1
SHA1c5224798dca4591d6d8eb2b2f609450c2d89b567
SHA256b539e3f110ac350f3fa4d2d76c1249b0ff8411c833370e5cbfa2e582ad8330ca
SHA512dbaf238953e65b493973c3a7916fc727f2e49edd6847e6b0033e67217f2296ea70f131a676f30729bf72e19f5ba1bffb8553ee6def2bee3c285f5c3719652291
-
Filesize
655KB
MD57dd38f8951c2fa66a1291c7d297e1947
SHA1a3feb1be32160c5196bba30830c1543958ac0045
SHA256c6e185606e9ed62db354b8b8a298f470c01dcce8c5a4f409bfc5b918b5fd1c09
SHA512cf6575bbcf7c8442e98d3e05519c79eb58a1e268acd1b66ce1fd8e9e8192a3791ce02474e5a41c4848644806dbeccb40dba93e6ad57bb37a5fa78528df0536f6
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e