2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2024 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/System.dll
Size

10KB
MD5

56a321bd011112ec5d8a32b2f6fd3231
SHA1

df20e3a35a1636de64df5290ae5e4e7572447f78
SHA256

bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1
SHA512

5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3
SSDEEP

192:uv+cJZE61KRWJQO6tFiUdK7ckK4k7l1XRBm0w+NiHi1GSJ:uf6rtFRduQ1W+fG8

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1888	4764	WerFault.exe	82

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1712	msedge.exe
1712	msedge.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 4764	4720	rundll32.exe	82
PID 4720 wrote to memory of 4764	4720	rundll32.exe	82
PID 4720 wrote to memory of 4764	4720	rundll32.exe	82
PID 4212 wrote to memory of 4656	4212	msedge.exe	113
PID 4212 wrote to memory of 4656	4212	msedge.exe	113
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 4972	4212	msedge.exe	114
PID 4212 wrote to memory of 1712	4212	msedge.exe	115
PID 4212 wrote to memory of 1712	4212	msedge.exe	115

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
  2⤵
  PID:4764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 612
    3⤵
    - Program crash
    PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4764 -ip 4764
1⤵
PID:1220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa30f246f8,0x7ffa30f24708,0x7ffa30f24718
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12715573318949123901,8553118581749733660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12715573318949123901,8553118581749733660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12715573318949123901,8553118581749733660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12715573318949123901,8553118581749733660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12715573318949123901,8553118581749733660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ef31737bf1f0102db36197452763587e

SHA1
f50e55dfbea5dcd2eadc31b6139630d700bb7efa

SHA256
539a90fda568657779acec3b906308c8701790280c5532b09572df3053f8f592

SHA512
afa23add76b5d7cb5677b8797c705ad2a3bf280e1bf13c569c65eefd7131fe94855455e9541f7f941435b43716f46c27192535605a29be5d7c9c0a29a3e6dc84

Download Submit