d56176af1f4f536cfd1f41eb5559e6733e7694e61dcfa4b40ab03cb01e86d572

Analysis

max time kernel
156s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mtc-artillery-overlay.exe
Size

6.8MB
MD5

42aaafe801e51ec0fdaa45ec84bc10fd
SHA1

4104ba1741065adb2486381c1a2f13576a8e2304
SHA256

99208d8532dfeedf1d2d1e155ff05bcacd2705d58d58e92f4b0846dccea07e65
SHA512

9621c3138421abbb91a63bb1bf14c3efdbdc47ed26ce168efe2d65cbcd0d3edf411039710d92231d7da135707801025da33b7a349ec590d3b5070d060282ae44
SSDEEP

98304:cf2S1l5xiZzEekYKG8mTYBJV+uCIAvs9iVK6:k898m8cYip

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	mtc-artillery-overlay.exe

Drops file in System32 directory 27 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\SYSTEM32\dll\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\SYSTEM32\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\System32\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\SYSTEM32\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\System32\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\System32\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\System32\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\SYSTEM32\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\System32\symbols\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\System32\symbols\dll\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\System32\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\system32\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\SYSTEM32\symbols\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\System32\symbols\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\System32\dll\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\SYSTEM32\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\SYSTEM32\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\system32\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\system32\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\system32\symbols\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe

Drops file in Program Files directory 23 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\adblock_snippet.js	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\LICENSE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Part-RU	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Part-ZH	msedgewebview2.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\EBWebView\x64\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\EBWebView\x64\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\EBWebView\x64\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\EBWebView\x64\dll\ntdll.pdb	mtc-artillery-overlay.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Part-ES	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Part-NL	msedgewebview2.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\EBWebView\x64\symbols\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\EBWebView\x64\symbols\dll\ntdll.pdb	mtc-artillery-overlay.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Filtering Rules	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Filtering Rules-CA	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Part-DE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Part-FR	msedgewebview2.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\EBWebView\x64\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\EBWebView\x64\symbols\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\EBWebView\x64\kernel32.pdb	mtc-artillery-overlay.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\Part-IT	msedgewebview2.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\symbols\exe\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\dll\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\symbols\dll\ntdll.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\mtc_artillery_overlay.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\symbols\DLL\kernel32.pdb	mtc-artillery-overlay.exe
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\ntdll.pdb	mtc-artillery-overlay.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5552	msedgewebview2.exe
5552	msedgewebview2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4996	mtc-artillery-overlay.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 5552	4996	mtc-artillery-overlay.exe	91
PID 4996 wrote to memory of 5552	4996	mtc-artillery-overlay.exe	91
PID 5552 wrote to memory of 2728	5552	msedgewebview2.exe	92
PID 5552 wrote to memory of 2728	5552	msedgewebview2.exe	92
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 2512	5552	msedgewebview2.exe	99
PID 5552 wrote to memory of 4004	5552	msedgewebview2.exe	100
PID 5552 wrote to memory of 4004	5552	msedgewebview2.exe	100
PID 5552 wrote to memory of 4256	5552	msedgewebview2.exe	101
PID 5552 wrote to memory of 4256	5552	msedgewebview2.exe	101
PID 5552 wrote to memory of 4256	5552	msedgewebview2.exe	101
PID 5552 wrote to memory of 4256	5552	msedgewebview2.exe	101
PID 5552 wrote to memory of 4256	5552	msedgewebview2.exe	101
PID 5552 wrote to memory of 4256	5552	msedgewebview2.exe	101
PID 5552 wrote to memory of 4256	5552	msedgewebview2.exe	101

C:\Users\Admin\AppData\Local\Temp\mtc-artillery-overlay.exe
"C:\Users\Admin\AppData\Local\Temp\mtc-artillery-overlay.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=mtc-artillery-overlay.exe --webview-exe-version=0.2.4 --user-data-dir="C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --accept-lang=en-US --mojo-named-platform-channel-pipe=4996.4832.1789422273489762098
  2⤵
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:5552
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffd7c282e98,0x7ffd7c282ea4,0x7ffd7c282eb0
    3⤵
    PID:2728
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView" --webview-exe-name=mtc-artillery-overlay.exe --webview-exe-version=0.2.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1800 --field-trial-handle=1804,i,11510215408169973244,16478004914611627271,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:2
    3⤵
    PID:2512
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView" --webview-exe-name=mtc-artillery-overlay.exe --webview-exe-version=0.2.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=2112 --field-trial-handle=1804,i,11510215408169973244,16478004914611627271,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:3
    3⤵
    PID:4004
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView" --webview-exe-name=mtc-artillery-overlay.exe --webview-exe-version=0.2.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=2292 --field-trial-handle=1804,i,11510215408169973244,16478004914611627271,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
    3⤵
    PID:4256
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView" --webview-exe-name=mtc-artillery-overlay.exe --webview-exe-version=0.2.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3360 --field-trial-handle=1804,i,11510215408169973244,16478004914611627271,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1
    3⤵
    PID:2964
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView" --webview-exe-name=mtc-artillery-overlay.exe --webview-exe-version=0.2.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=4052 --field-trial-handle=1804,i,11510215408169973244,16478004914611627271,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:1
    3⤵
    PID:6140
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView" --webview-exe-name=mtc-artillery-overlay.exe --webview-exe-version=0.2.4 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --no-appcompat-clear --mojo-platform-channel-handle=3400 --field-trial-handle=1804,i,11510215408169973244,16478004914611627271,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version /prefetch:8
    3⤵
    PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\adblock_snippet.js

Filesize
2KB

MD5
4dfa3a341bfcdadb42f25a9a4bfdf152

SHA1
94cf328db1e1c355f2e008ac5408d1d929582863

SHA256
a12f977a31624efa0d30eaf0a4e613fc1924e7494411fb8584530016b6cae1c0

SHA512
5273b146edba6a1465f2360b9be46771f575c43c6240c822cab0ddb475e980d048a8f5f9c87312ce425122d70f7c8f6d6c7b700774746fe9c155c344547c9d67

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5552_1429652069\manifest.json

Filesize
116B

MD5
178174a0125d4ff3ed5211426f1ea113

SHA1
26f72c5a2f65c767c4edb04d8da62bdadc02e809

SHA256
64986dfeefa8855069e799b28e5523b35c9efcf2ea152a2b03461471c218da1f

SHA512
c0d1d9555f4cd7e9a4b0ee5fc1b069782638ba1680d18ba9c83f796746086b6afdf1400c80b7f586422c3a2a73e51bd04fb250e2db818ef723cb4f7a8b3b15a2

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
99b1cfb4db457620e01dfd6ea0539771

SHA1
f04cfaae37ff7d064ca1fdd0a6748fa9f8284abb

SHA256
5bca3d6ab3af75b5cf5a3f2cbbb55358e80592e5a140a5f8e8290325464337a0

SHA512
3acaf535416a2e99371d91f53fbf357b3f507c2abd1efe3e5d3c8cea8e6310adc6deb327344b1f16a553e674176a2ffe2b886fa054b7220535ae90aa48085cc7

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
f5fe6640b56355febb67ccfa1573c9b2

SHA1
70bfd4664a9fd9171b0a9e9e80296697509aeaa2

SHA256
1a38d8fcbe1cbfb5338fcc9869d055f99f9525a82d40d135e305658034035d7f

SHA512
7a3dd11f3c766219401536a0cae16cce0550739e9d254186d0ef3de3b1a319b5dfab4c0ad2f41e189d93ff3432d191ad4e45094d3b542362c72bb2059bb541e0

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
0782d131825fd936e144be9e517942a3

SHA1
b95c9f331f63b8d59a7645f8b6bf7651c92e5ada

SHA256
72cbc3208ba01a53176348ae3eb5d7fa5b8e56bb1d593d587a95456a89b0f3d3

SHA512
9c0e8fbaa0e417a2df88ff666d563393b4a6cae4406f7a898d2a93df4550248c2d87b9376f7498e24549a06c3c0091c92db52dc484f96667e1637ab4efec0fc7

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
edb6e381355b9e0798955568506311ea

SHA1
3194e24b35128dd22bc014520a551e11b11c3d34

SHA256
f6de2365ea3fbd834e032b1f9525ee9fbdb0cf7ffbf0a6d205da80a1beb4c729

SHA512
3a6d9afe29dbb5093073d79a0abb62eefb4f1e7ef3d5ec868a9b2b6583fe7cf99b9f7ff0989748c23fd4acd5b313ad06a1aa79d9aa844bdd7957567ab49615e3

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Default\Network\Network Persistent State~RFe5a35d6.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Default\Network\c6cc82ce-e5a6-4dbc-8066-f127aeb3f60b.tmp

Filesize
1016B

MD5
001a2adcc08df7022f576135ca6f8e39

SHA1
baff933e3459171d08e1593be3484a51de8f086d

SHA256
05bc10886f39fb55dc7c4a5d0d0a64a33b6273e97f895c0b923a15710f0d261c

SHA512
d7a64f31b9f1b78903678189c44daf6ae42c42a61e48887268abc2dfdd415bf1578edc0e28de5736efbf2b017f52f10af06be3d21bca50c4590b9de09ce52b88

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Default\Preferences

Filesize
6KB

MD5
1156bcc7715df8e5200c91f3f17719cf

SHA1
86c697e8ee76f606d1e2747b4f69d7b7787e042d

SHA256
15df52357c84894753ba06d2421522e771b3279f371f49a42a7c07f00225b724

SHA512
b35d704d9c9ae6beed88396394ea91fb3a939a7937dd31391781ed90fc500a4ee87cb6854a136151ac230d45485f940c0d8328b3a40afbe4b8343a57acdf55b8

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Default\Preferences~RFe5968c2.TMP

Filesize
6KB

MD5
efb91fc696538795ae88f1548b653ed6

SHA1
d20fe7f2bfa6afde1684b05aa423815876f5b6d6

SHA256
4fe1dc15a3d400850fe7d1dabd1efeedf7189c1dd5698c28a5c4708b5b287ded

SHA512
38607dbca6077632b8ef3fc033554609f4f5f83bd1601d3cfb319ebfe146c3e9aa08dca4d593b934c012a5472c5b8893b3b9490e5b29527bec35c6fcc8ed0426

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Local State

Filesize
2KB

MD5
92ddefd6fd8d9789e39bf06e0ceda4dd

SHA1
5d9f1275fe188e6fb40b9073316e4dadb091c206

SHA256
1c90763478db08e7dfbb4ec7f659275bb8e2e4623b4d8f25c1884043291d5e7d

SHA512
6d9674296b6931fc576c4152b9bf5f88eb358aec2dc328833c5fdb57cac8d0ec42e7cc7bb0dd9a9e317ef7e1530dfb8533b7e286ab2d376150b22d28fba793f0

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Local State

Filesize
3KB

MD5
6a7a6d4ed313e62987967f5d90c51938

SHA1
a9511b72f8587e59927492ce213bb06ae7e3e66e

SHA256
119f092d3c4350213997c5db73f7354da426dd9eddd745e14a3044a88bcf1736

SHA512
dfa68c8bc0f511c6411f78a073c5395aae732839e0ca4d200bbffef2278b3ca73cc035c0ebba71629ee6b40147d0f42977fb1f3fb80ad28ffe853f97373cc999

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Local State

Filesize
3KB

MD5
664c9611352c7306e3f2241bcde8c051

SHA1
2860b245c0ecc256051b0e6ca1166aca1cc477d3

SHA256
c3e4166a3179948725c25fc922ac597898e86200bd36e7250bde2bca18f73ba8

SHA512
1d9489480164bc760f41bb6be7857f44b97c0d71715d4bd6a50b31b8bdd5ca1142952b6ceba7c3fdcb0e21b2cd193cabf10769745b549091c090671687f3ca14

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Local State

Filesize
16KB

MD5
4886692dd0c42296feaf46f42110932e

SHA1
9ceba25a24333b20b973f1bbe7eff80bee5cedf9

SHA256
4c588a14fa3b206bfd1a9906b4e9b71df71f8dc8a9203888040d0947022d1e49

SHA512
8a3e26139396e7a0a4564aadc2fa5035cf6696da742179ad3356a01ebf29b60f8c7f9782936955a1981607d8e4d909cfdcd5e9e9d62a429c086890b1cf4b3c09

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Local State~RFe59143a.TMP

Filesize
1KB

MD5
c20cd1451acf2bd2f87d0f0bef90546a

SHA1
d8b8021fd7c0fc2720267f6995b306f7c48456e6

SHA256
ef2a91d812848ab5f4288e85130b643f171a70d3ae93df431001f6333467fa1b

SHA512
1e8cf83674d0e721e100fa6f7ec5470c6f4d8c05841113ae21095723808c17339b084d893b68f6bfe3c05843b940d8e9f4ddfaa5da5767209974349d20d77bed

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\Filtering Rules

Filesize
1.8MB

MD5
a97ea939d1b6d363d1a41c4ab55b9ecb

SHA1
3669e6477eddf2521e874269769b69b042620332

SHA256
97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f

SHA512
399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279

Download Submit
C:\Users\Admin\AppData\Local\com.artillery-calculator.overlay\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.52\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
memory/1616-300-0x0000018566BF0000-0x0000018566C20000-memory.dmp

Filesize
192KB

Download
memory/2512-15-0x00007FFDA1440000-0x00007FFDA1441000-memory.dmp

Filesize
4KB

Download
memory/2964-49-0x00007FFDA1440000-0x00007FFDA1441000-memory.dmp

Filesize
4KB

Download
memory/4256-196-0x00000232532B0000-0x00000232532E0000-memory.dmp

Filesize
192KB

Download
memory/4256-29-0x00007FFDA1230000-0x00007FFDA1231000-memory.dmp

Filesize
4KB

Download
memory/4256-30-0x00007FFDA0E50000-0x00007FFDA0E51000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads