Analysis

- max time kernel: 128s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13-06-2024 18:18
Static task: static1

Behavioral task: behavioral1
- Sample: .html
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: .html
- Resource: win10v2004-20240611-en
General

- Target: .html
- Size: 14KB
- MD5: dc32246898c9b1c6cf000d0699d91656
- SHA1: 17ee4135b40e5748bc9e8dd5808d9678084ee01c
- SHA256: a29954a0eebaaaae33399a5327e4fbcd1b2b0ebb8a1cbb6f2600981af1c3dc81
- SHA512: de0651413c21c25792f74c0279722fada8f89ef70c78c69744d3d35e8e40c2eeee24095239bd40d7815b38c5f279c897d7c8013bb325146f96b0ad824a505ae6
- SSDEEP: 384:tEGRNprwiD5F1yqRZdldjiQi6K84RZdldjiQi6K8EYGPA06y:OGRNprwiD5KWbeGKrbeGKHYGPA0R
Malware Config
Signatures
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  Processes: taskmgr.exe
    Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 (taskmgr.exe)
    Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A (taskmgr.exe)
    Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName (taskmgr.exe)
  Note: all three reads come from taskmgr.exe (PID 1884), which the process tree below lists as a top-level process, not as a descendant of the msedge.exe instance (PID 632) that rendered the sample. The hit reflects Task Manager activity in the analysis VM rather than behavior of the HTML file.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
    Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Modifies registry class (1 IoC)
  Processes: msedge.exe
    Key created: \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (47 IoCs)
  Processes (pid, image, hit count): 3740 msedge.exe (2); 632 msedge.exe (2); 368 identity_helper.exe (2); 3376 msedge.exe (2); 1884 taskmgr.exe (35); 4428 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
  Processes (pid, image, hit count): 632 msedge.exe (17)
- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  Processes: AUDIODG.EXE, taskmgr.exe
    Token: 33 (privilege LUID 33, SeIncreaseWorkingSetPrivilege) (PID 324 AUDIODG.EXE)
    Token: SeIncBasePriorityPrivilege (PID 324 AUDIODG.EXE)
    Token: SeDebugPrivilege (PID 1884 taskmgr.exe)
    Token: SeSystemProfilePrivilege (PID 1884 taskmgr.exe)
    Token: SeCreateGlobalPrivilege (PID 1884 taskmgr.exe)
  Note: neither process is a descendant of the Edge process that rendered the sample; both are top-level processes in the tree below.
- Suspicious use of FindShellTrayWindow (64 IoCs)
  Processes: 632 msedge.exe and 1884 taskmgr.exe (repeated hits; 64 IoCs in total)
- Suspicious use of SendNotifyMessage (64 IoCs)
  Processes: 632 msedge.exe and 1884 taskmgr.exe (repeated hits; 64 IoCs in total)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
    PID 632 msedge.exe wrote to memory of its child msedge.exe processes 4372, 2396, 3740 and 4772 (repeated writes; 64 IoCs in total)
  Note: the targets are the crashpad-handler, gpu-process, network-service and storage-service children listed in the tree below; the browser process writing into freshly launched child processes is the normal Chromium/Edge launch pattern, not injection into a foreign process.
Processes

- PID 632: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Children of PID 632:
  - PID 4372: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80afd46f8,0x7ff80afd4708,0x7ff80afd4718
  - PID 2396: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
  - PID 3740: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4772: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  - PID 524: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  - PID 1444: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  - PID 2820: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  - PID 368: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 2184: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  - PID 2316: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  - PID 1112: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  - PID 4708: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  - PID 3368: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  - PID 1584: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  - PID 1916: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  - PID 4700: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  - PID 4260: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  - PID 556: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6140 /prefetch:8
  - PID 2576: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  - PID 3376: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3648: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  - PID 652: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  - PID 2492: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  - PID 4556: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  - PID 4976: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5920 /prefetch:8
  - PID 4704: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  - PID 4428: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,15590774141336767922,4717662990625224810,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6240 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

Other top-level processes (not descendants of PID 632):

- PID 3044: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 3584: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 4100: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 2876: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- PID 3796: "C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
- PID 324: C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4fc
  Signatures: Suspicious use of AdjustPrivilegeToken
- PID 1884: "C:\Windows\system32\taskmgr.exe" /4
  Signatures: Checks SCSI registry key(s); Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
- PID 2652: "C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
- PID 1052: "C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
- PID 4648: "C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
- PID 4056: "C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
- PID 412: "C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
- PID 1648: "C:\Users\Admin\Desktop\DesktopGoose v0.31\GooseDesktop.exe"
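The signature hits in this report mix activity of the Edge process tree with activity of unrelated processes running in the same VM (taskmgr.exe, AUDIODG.EXE, GooseDesktop.exe), and the IoC lists repeat the same PID pairs dozens of times. The Python script below is an added example, not part of the report or of the sandbox's tooling: it collapses a WriteProcessMemory IoC dump into unique (source, target) pairs with counts, rebuilds parent/child relations from the depth markers of the process tree, and splits each signature's PIDs into those under the sample's root process and those from unrelated processes. The process rows and the IoC text are constructed from the report above (abridged), as are the signature-to-PID mappings; the root PID 632 is taken from the report.

```python
"""Consolidate a sandbox report's IoC dump and attribute signature hits
to the process tree (added example; inputs constructed from the report)."""
import re
from collections import Counter

# WriteProcessMemory IoCs in the run-together form the report uses
# (constructed from the report above, abridged to six entries).
WPM_IOCS = (
    "PID 632 wrote to memory of 4372 632 msedge.exe msedge.exe "
    "PID 632 wrote to memory of 4372 632 msedge.exe msedge.exe "
    "PID 632 wrote to memory of 2396 632 msedge.exe msedge.exe "
    "PID 632 wrote to memory of 2396 632 msedge.exe msedge.exe "
    "PID 632 wrote to memory of 3740 632 msedge.exe msedge.exe "
    "PID 632 wrote to memory of 4772 632 msedge.exe msedge.exe"
)

# One IoC: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\S+)")

# Process tree rows as (depth, image, pid): depth 1 is a top-level process,
# depth 2 a child of the nearest preceding depth-1 row (the report's
# "1" / "2" markers). Abridged from the report's Processes section.
PROCESS_TREE = [
    (1, "msedge.exe", 632),
    (2, "msedge.exe", 4372),           # crashpad-handler
    (2, "msedge.exe", 2396),           # gpu-process
    (2, "msedge.exe", 3740),           # network service
    (2, "msedge.exe", 4772),           # storage service
    (2, "identity_helper.exe", 368),
    (2, "msedge.exe", 3376),           # quarantine service
    (2, "msedge.exe", 4428),           # second gpu-process
    (1, "CompPkgSrv.exe", 3044),
    (1, "GooseDesktop.exe", 3796),
    (1, "AUDIODG.EXE", 324),
    (1, "taskmgr.exe", 1884),
]

# Signature name -> PIDs the report lists for it (abridged).
SIGNATURE_HITS = {
    "Checks SCSI registry key(s)": [1884],
    "Suspicious use of AdjustPrivilegeToken": [324, 1884],
    "Suspicious behavior: EnumeratesProcesses": [3740, 632, 368, 3376, 1884, 4428],
}


def dedupe_wpm(text):
    """Collapse repeated WriteProcessMemory IoCs into
    {(src_pid, src_image, dst_pid, dst_image): count}."""
    counts = Counter()
    for src, dst, src_img, dst_img in WPM_RE.findall(text):
        counts[(int(src), src_img, int(dst), dst_img)] += 1
    return counts


def build_parents(tree):
    """Map pid -> parent pid (None for top-level) from (depth, image, pid) rows."""
    parents, stack = {}, []
    for depth, _image, pid in tree:
        del stack[depth - 1:]            # drop rows at or below our own depth
        parents[pid] = stack[-1] if stack else None
        stack.append(pid)
    return parents


def is_descendant(parents, pid, ancestor):
    """True if `ancestor` is somewhere on pid's parent chain."""
    while pid is not None:
        pid = parents.get(pid)
        if pid == ancestor:
            return True
    return False


def attribute_hits(hits, parents, sample_root):
    """For each signature, split its PIDs into (under sample_root, unrelated)."""
    result = {}
    for name, pids in hits.items():
        related = [p for p in pids
                   if p == sample_root or is_descendant(parents, p, sample_root)]
        unrelated = [p for p in pids if p not in related]
        result[name] = (related, unrelated)
    return result


if __name__ == "__main__":
    for (src, src_img, dst, dst_img), n in sorted(dedupe_wpm(WPM_IOCS).items()):
        print(f"{src} {src_img} -> {dst} {dst_img}: {n} write(s)")
    tree_parents = build_parents(PROCESS_TREE)
    for name, (related, unrelated) in attribute_hits(SIGNATURE_HITS, tree_parents, 632).items():
        print(f"{name}: sample tree {related}, unrelated {unrelated}")
```

Run against the abridged inputs, the script reports that every WriteProcessMemory target is a child of PID 632, that the SCSI and AdjustPrivilegeToken hits come only from processes outside the Edge tree, and that EnumeratesProcesses is the one signature with hits on both sides. For a full report, paste the complete IoC text and process rows in place of the abridged constants.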
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 81e892ca5c5683efdf9135fe0f2adb15
  SHA1: 39159b30226d98a465ece1da28dc87088b20ecad
  SHA256: 830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
  SHA512: c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

- Filesize: 152B
  MD5: 56067634f68231081c4bd5bdbfcc202f
  SHA1: 5582776da6ffc75bb0973840fc3d15598bc09eb1
  SHA256: 8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
  SHA512: c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

- Filesize: 19KB
  MD5: c52f3521639f61d058b371c90f7340a0
  SHA1: 26cda00aa74d363215fe8e5de80878cf767d9747
  SHA256: 98dadb40ba05b9079b6c7cfdcdce83a11764b15cee748e1d6b06ef13e94f1736
  SHA512: ead5c9d264cb85f32a1e4e7ca84df51b2d8fcad89abe35b8a9e461cab914224e5ee9c3b0cbcaf720ffaf43566b9d9c958667024e0e6988f948640fd782ff3f23

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 17638683ff68b1ac246c96793975ad3a
  SHA1: 42105c2e591c0091720b222683420e8c0897b5e5
  SHA256: c1ce77e3a62188c9e01323c7dd5f793259b68c53dea14d504072aecdbacfe53b
  SHA512: 693d065fa2ff69292062af11b1701ff31f98aaddcd7854bed77d920e26ab276eaaa25709e048aeb45f5c38b80b7a0d9101251e8344b4057053e0c83f55d3f65c

- Filesize: 4KB
  MD5: ffea0ca020279ddec82fcff2ac95c302
  SHA1: fe0f3f460d3cc623174453d219e2f46bfb5914cc
  SHA256: 58207b703691b61bea5c3b87ba41f7e1173f6d0c6bdf5456765f23d6f2924af4
  SHA512: 54b636cdfa521da244eadde3dbc5dcc490f207829e370dd101d2bdc24f99e8c2dc5c3e01305edbc9c8d3bd51134cf168c5aae74ad5f8ee733c8519bc2a3a4a9c

- Filesize: 4KB
  MD5: 0917a60da390fba98352b4027b08447e
  SHA1: 88588f62b2314299150336aac563c731392c6b8d
  SHA256: 2f19f1d0aaa1d549e4cf8a7abfd70b088741615cb39cb47eafd7ab17b1c6b345
  SHA512: 86c132476f176fbc8c9c773461d4732e67aa46c5f033a8770eb137cdd5be80f58bd566971a6add547c8391cc47ea933040009173887017a0dbe43e4d301e2ca8

- Filesize: 6KB
  MD5: be0edce0b540675f8853d1adc3eda6e6
  SHA1: c1b6c02683d34c21017bc2305992d3531ed6ef99
  SHA256: ec0977d1b3913213048824e9e719e13d78c99f91f17fc7a34d5e0b4ba1459038
  SHA512: 4d2f49e1197e91f76dc4f33d859c2d00883b1d996016aea89737f0dbc8353f58da34f99c2dc5be0605ba0692f3238c8b89381767253d2af2de6925f4ab607d5b

- Filesize: 8KB
  MD5: 663e270619318be334081c3684fb83f8
  SHA1: 0ce826d38112353ab3b4169cd77981d24b332ab3
  SHA256: ee5716606a7fc9f303ed6038d305f00f52835a39d7d1f7d5687ff020959ff97c
  SHA512: fdd1564851d88d39f96b8a3bfa07253bb23e8fd39905ac1547b96a082f91a6f35cfc560e6b9c6e93877a5968651d5517d6e82dc0708028bfe509c6b575d72f8a

- Filesize: 8KB
  MD5: 522450caba219656bffc6c50f0bfff2d
  SHA1: 161d7d45e54ca0dd6b10a0a900fff893109c1a4e
  SHA256: 93e81338ba6f3ea6c29fc6770783298b028d147c0ff49feb10192b1e762d36c1
  SHA512: b45fd837b9ab89b24b35c9ba4a13d54ffd002b26db679d280e48201ea1cb71f2ee6459047b73995ff232219b256f065141418c4af2220d17e12db4baac76368c

- Filesize: 6KB
  MD5: c19ef7e92ca551b292b4efe7b3bcb566
  SHA1: 6cbe5e123cb824659e1c3ee0489eecbbec928053
  SHA256: fc4b6b588b95cd69f1aa33e93baae246fe05a0b66c5817c358c0670ae3297c4e
  SHA512: a32ed1e82325868d352fd1c5a289e8fce0bbcb749e47f255b3f684a8bfeda3742753e0dba6776933f8896291ff93023bdb8924abcd336eac4a4e2c794950c401

- Filesize: 7KB
  MD5: c74c038f5af8ccb18c208d1d7b0964dd
  SHA1: 1a4dd574aad704e0feff34e1aff3cd6bd8b155ac
  SHA256: 653d38ea86534916179f1dfa82c695206b1dd140ad5c4c3bc690aa30bd080b27
  SHA512: 6df4444a9098dba971c318bed5a44f3456205961071159923c1c45ccda8e11c73597ee68b4c34c88bd9edae345db504fed1a135ed0157eea2f6d18614096cb11

- Filesize: 1KB
  MD5: 2800bf31ac87ba02e2c564d01b24a970
  SHA1: 824a00367c0c6ad9c8e527016683f859ed76295e
  SHA256: 56ef4a13287e0bd2238df0135013bb65af771e65e18cf17f8913965783951d0b
  SHA512: e4022b85206fceecff0b46e397840e409ff600b93c59845d3697861f4686d2585240a10f3382efb08513f9214c3c49c1385feb14379f6ca983dfb55f2e9d7b95

- Filesize: 872B
  MD5: 022c9f98219848d4f966f99678df06bd
  SHA1: c80612635e3c1c8a59d23c4bd4eaba1fd78adda7
  SHA256: e75d59ffdfc2f50ad5edaf3236c6af3dabdb791fe3fa788df77b5a7844d711b4
  SHA512: aaf8f307e4c35af6ed0d7f3278415c6947b66230e462410579840aab854d732a288d11cc0ade5a70b3084d6e5874dca90579236808f1ddac174cdc6d3ccec8bd

- Filesize: 203B
  MD5: 1cc3d62c876ad4dea6e8f8648bef6bde
  SHA1: 69a37a20f35853b419ec51a248dd0deb1e597e6b
  SHA256: acd8219dcb08542455fa5d21395a577d9f88a451f68c0929f6a526cc48d39243
  SHA512: 8807e47f9838f338f2e6aa0df28bfbc0fc8cd710da4cfbcb9cae328993090952031362dbad49a2e7992fad0a96a36638a61406eb9471e9f79356886bbc9f1349

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 621f89c011270b1cd6d3291e26fd1a5c
  SHA1: c19b75623d8c822eda7e92bccfb57bb29b51528e
  SHA256: 82a6711688fd50c4a1fc4091a1f47cd9588fe0f15a2d9891d1069ed3ce2661bd
  SHA512: 854e2d01fb2595cd3c7247aff0773af95a3d641f0c08ccf3e5dba20a607ff2922526caf9e01bf1bb718cc07f7323ef7c964dd1472b302e998bbdfe371ed4cdd6

- Filesize: 11KB
  MD5: 68c5152d426c9558e43efff9fc3314b9
  SHA1: 30cf91488d6a9e6686b2219840a08b46652b517d
  SHA256: 14e48c1abf1dfc9437d6741b273490fa3ca5a236c5222972ec69317dea98f302
  SHA512: cca966467b3ddc153510a69df67f4a8283f1f0f28210e68e3d7e5e463b0dbfc92bf005b4988328aeda5c153b4d6f9b84f9c4fe9bfc6b558ec8f05e1becc36f4f

- Filesize: 4.1MB
  MD5: eaad0961b52b14d9a323f092ef307d8a
  SHA1: feb3aedf16432b063ff93c90623a865a1fd5214a
  SHA256: e66264065923676807fd6d7b36f7c9dc52db9ef1c5399b2811738eb5e22a30f6
  SHA512: fc42d2ed6a8a8efee0898236526dbe46218dbec657caa5e70bcb18433345d56a010903c155c726a5c9e117e1759cae42560e18da49d5bbfe4e99048fbd326330
- Filesize: not recorded (the four digests below are those of empty input, i.e. a zero-byte file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e