8d87897242b12a5327ce2f4d6b5087a9a7c6071722c34e849b95730d6b7c1134

Analysis

max time kernel
0s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 20:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

l2text/server_help.htm
Size

1008B
MD5

8ca4068d7cf9bf1e6cecaf7236b06df6
SHA1

810f62ae006d5f5f6c187a285322ae42b2c9e027
SHA256

3364475c70b49af969e0611c88bf02e204582b5bbef8835ebc42783e54749efb
SHA512

e5ccbe4e45bac2cbf74705ce7c8b449aff158041b1dcbbd3fd38d7f0dae5b1a6791c9c7308a0cae7f57cfbb98e6508753389dcc8ea7d0d7189929f32e70b858b

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 5056	3124	msedge.exe	80
PID 3124 wrote to memory of 5056	3124	msedge.exe	80
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 5072	3124	msedge.exe	81
PID 3124 wrote to memory of 2948	3124	msedge.exe	82
PID 3124 wrote to memory of 2948	3124	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\l2text\server_help.htm
1⤵
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7fff488146f8,0x7fff48814708,0x7fff48814718
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11418686381116577185,15530782046776029043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8d797dea-cbff-47ff-86f3-41315e8c3695.tmp

Filesize
6KB

MD5
11948a88467d8f75724be3533353c4c1

SHA1
24f735a1d51ca6088629e4c3bd38a4225382eb4d

SHA256
f19c905fce4150d78a2afb60b62af1e87d0f33da0bad43f5e17b4212ef7ea337

SHA512
0d1ad11dc6c0aef82d6f9a86648edcc7b8cc0f40e5dc511e5c9fa5a2fe36dd0c9ee9bbb6cf6e20524d37d1c58a4e21dc2ffc1deecda40225d37310e6d8c57e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d51e6dfb8d132fae0479129b972851a0

SHA1
f43d52c6c3d34e8153a7a91f085be22ace98f46e

SHA256
b4a0d3affa73ccd892ae67bf65bc9042b132aa69f21d7bed4d439db5a6568f7e

SHA512
bb3eabef387b667b6b5ae5c749967b117264d4b568f4562b5b6f1234797956420e204aeb5d06841eb06323ac391fb00dcea407af853b7fceb47de3527c7236a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
69b46bae431dcf6e6f135e730d8d5401

SHA1
be74c502f5d6c8cc5152d9aa71f58589334c103b

SHA256
edbafbf4aa0577b4c719ecc1135d44057ccb1e858503d6f3d211813fff851a47

SHA512
3eac8c05bfb9ba11a2026b469e92a03bc2e89d54d7c6b3b6fee999d545885581a523e12c8acea0a4b61e7ad43fa8edfc48630853cb71439cddae3cc9cf8c2193

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads