Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15/07/2024, 13:29
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.123freebrushes.com/download-designs?&key=3346
Resource: win10v2004-20240704-en
General
Target: https://www.123freebrushes.com/download-designs?&key=3346
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Modifies registry class (1 IoC)
  description  ioc                                                                                   process
  Key created  \REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000_Classes\Local Settings  msedge.exe

Opens file in notepad (likely ransom note) (1 IoC)
  pid   process
  5356  NOTEPAD.EXE
  The file opened is C:\Users\Admin\Downloads\006_abstract_fractal\Terms.txt, which 7zG.exe (pid 5504) extracted into that folder (see Processes). The signature keys on Notepad opening a text file; whether it is a ransom note depends on the file's contents, which this report does not show.

Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   process              rows
  5080  msedge.exe           2
  3120  msedge.exe           2
  5068  identity_helper.exe  2
  6068  msedge.exe           2
  5552  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (25 IoCs)
  pid   process     rows
  3120  msedge.exe  25

Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description                 pid   process
  Token: SeRestorePrivilege   5504  7zG.exe
  Token: 35                   5504  7zG.exe   (privilege shown by LUID only; 35 is SE_CREATE_SYMBOLIC_LINK_PRIVILEGE in winnt.h)
  Token: SeSecurityPrivilege  5504  7zG.exe
  Token: SeSecurityPrivilege  5504  7zG.exe

Suspicious use of FindShellTrayWindow (34 IoCs)
  pid   process     rows
  3120  msedge.exe  33
  5504  7zG.exe     1

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process     rows
  3120  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target  rows
  PID 3120 wrote to memory of 4944  3120  msedge.exe  83             2
  PID 3120 wrote to memory of 2300  3120  msedge.exe  84             40
  PID 3120 wrote to memory of 5080  3120  msedge.exe  85             2
  PID 3120 wrote to memory of 3668  3120  msedge.exe  86             20
  All four targets are Edge helper processes started by the same browser process (crashpad-handler 4944, gpu-process 2300, network service 5080, storage service 3668 under Processes); no write into a process running a different image is recorded.
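The WriteProcessMemory table above lists 64 rows but only four distinct writer/target pairs, and the verdict depends on what each target is. The following is an added example, not part of the Triage report, that collapses rows in the report's flattened "PID A wrote to memory of B A image target" format into unique edges and labels each one against a reduced process table (pid, image, parent) copied from the report's process tree. The IoC text is a constructed excerpt of the report's rows, and the "expected" / "cross-image" / "unknown-parent" rule is this example's own heuristic, not a Triage signature.

```python
"""Collapse a Triage 'Suspicious use of WriteProcessMemory' IoC list into
unique writer->target edges and label the ones worth a second look.

Added example; not part of the Triage report.
"""
import re
from collections import Counter

# Constructed excerpt of the report's rows (two of each distinct row; the
# report repeats the 2300 and 3668 rows many more times).
IOC_TEXT = (
    "PID 3120 wrote to memory of 4944 3120 msedge.exe 83 "
    "PID 3120 wrote to memory of 4944 3120 msedge.exe 83 "
    "PID 3120 wrote to memory of 2300 3120 msedge.exe 84 "
    "PID 3120 wrote to memory of 2300 3120 msedge.exe 84 "
    "PID 3120 wrote to memory of 5080 3120 msedge.exe 85 "
    "PID 3120 wrote to memory of 5080 3120 msedge.exe 85 "
    "PID 3120 wrote to memory of 3668 3120 msedge.exe 86 "
    "PID 3120 wrote to memory of 3668 3120 msedge.exe 86"
)

# Subset of the report's process tree: pid -> (image name, parent pid).
# Parent pids follow the tree depth in the report (the depth-2 Edge helpers
# sit under the depth-1 msedge.exe with pid 3120).
PROCESSES = {
    3120: ("msedge.exe", None),
    4944: ("msedge.exe", 3120),
    2300: ("msedge.exe", 3120),
    5080: ("msedge.exe", 3120),
    3668: ("msedge.exe", 3120),
}

# One IoC row: "PID <src> wrote to memory of <dst> <src> <image> <target>"
ROW = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P=src) (?P<image>\S+) (?P<target>\d+)"
)


def parse_rows(text):
    """Yield (src_pid, dst_pid, src_image, procid_target) per IoC row."""
    for m in ROW.finditer(text):
        yield (int(m["src"]), int(m["dst"]), m["image"], int(m["target"]))


def collapse(text):
    """Return {(src, dst, image, target): row count} for the unique rows."""
    return Counter(parse_rows(text))


def classify(edge, processes):
    """Heuristic label for one edge (this example's own rule):
    'expected'       the target is the writer's own child running the same
                     image, which is how Chromium-based browsers start their
                     helper processes;
    'cross-image'    the target is the writer's child but runs a different
                     binary, so the write deserves a look;
    'unknown-parent' the target is not a known child of the writer."""
    src, dst, image, _ = edge
    dst_image, dst_parent = processes.get(dst, (None, None))
    if dst_parent != src:
        return "unknown-parent"
    return "expected" if dst_image == image else "cross-image"


def triage(text, processes):
    """Map every unique edge to (row count, label), ordered by target pid."""
    out = {}
    for edge, n in sorted(collapse(text).items(), key=lambda kv: kv[0][1]):
        out[edge] = (n, classify(edge, processes))
    return out


if __name__ == "__main__":
    for (src, dst, image, tgt), (n, label) in triage(IOC_TEXT, PROCESSES).items():
        print(f"{src} ({image}) -> {dst} [procid_target {tgt}] x{n}: {label}")
```

Run as a script it prints the four edges, all labelled "expected" because every target is an msedge.exe child of 3120. In a real triage, feed it the complete process list from the report rather than the hand-copied subset, so that a target missing from the table shows up as "unknown-parent" instead of being silently skipped.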
Processes
Indentation shows the tree depth reported for each process: indented entries are children of the process above them.

PID 3120  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.123freebrushes.com/download-designs?&key=3346
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    PID 4944  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90a6f46f8,0x7ff90a6f4708,0x7ff90a6f4718

    PID 2300  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

    PID 5080  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    PID 3668  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

    PID 5012  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

    PID 1372  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

    PID 3396  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

    PID 1772  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8

    PID 5068  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 4540  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1

    PID 856  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

    PID 4596  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

    PID 2940  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

    PID 4560  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

    PID 3496  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

    PID 4888  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

    PID 2568  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

    PID 1192  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

    PID 5280  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

    PID 5352  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1

    PID 5360  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1

    PID 5516  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

    PID 5524  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1

    PID 5660  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

    PID 5732  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1

    PID 5840  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

    PID 5848  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1

    PID 6048  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8376 /prefetch:8

    PID 6056  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1

    PID 6068  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8408 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    PID 6268  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1

    PID 6328  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1

    PID 6868  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1

    PID 5552  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,2261268840414625986,8609657921112745394,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4776 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

PID 4076  C:\Windows\System32\CompPkgSrv.exe
  cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3472  C:\Windows\System32\CompPkgSrv.exe
  cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 6976  C:\Windows\System32\rundll32.exe
  cmd: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

PID 5504  C:\Program Files\7-Zip\7zG.exe
  cmd: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\006_abstract_fractal\" -spe -an -ai#7zMap5898:102:7zEvent17350
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow

PID 5356  C:\Windows\system32\NOTEPAD.EXE
  cmd: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\006_abstract_fractal\Terms.txt
  - Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize 328B
MD5 62edb0a6157b03695bcfbec25d8c3c53
SHA1 1f13f8cbbadd6e03c247db93ab312647eba419a3
SHA256 dae25658ff5972891c3747c107095b73cc5dab0bab8e28187d6f920e47f5fe89
SHA512 e3c1eb01ccc3badbd2015c25f722326b186b06d394e902c1365f4588f8eec1bf55bdc5b894ad9c245f584f62f43b91e6e0e52f9e35489d0034ea90990c0aa250
-
Filesize 11KB
MD5 6778a5fe53d938dea8fdbf4f7f679e76
SHA1 df1456701609234965c6efae84bde0c7c35ce61f
SHA256 ea294bcc08e51aff5bb0190396fb0a7a55d50f52646f2b030319aed70190a82e
SHA512 0be45cab1c44f405be6be9848675685086fb3e8e6342d547ce8b006c2cbf182aa050fa7ea360c8f0fb4812569639f610616fc2a6ef24bb2c9020f76e30bd2fb4
-
Filesize 152B
MD5 210676dde5c0bd984dc057e2333e1075
SHA1 2d2f8c14ee48a2580f852db7ac605f81b5b1399a
SHA256 2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5
SHA512 aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017
-
Filesize 152B
MD5 f4e6521c03f1bc16d91d99c059cc5424
SHA1 043665051c486192a6eefe6d0632cf34ae8e89ad
SHA256 7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1
SHA512 0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 672B
MD5 75aecfb846de564c50d2ccfbce46e411
SHA1 215e82996f187fccca96497d9777e00980f08254
SHA256 46d4a90c173cf0c208f7804dde8c3e90ddc84f85c0de53aed958e8e4f8e2bfe1
SHA512 eafaa6c928ea1a9e90690f85ad3121b3827eb15fe27c67f3b01f6827342690b3e8666f19a14c8179246fc8df6b6b64b80fe0bb570fe678a8e4047ff96f8cbd06
-
Filesize 7KB
MD5 6f5e1ffa374587ba889f4d18c8f795a5
SHA1 d10a9cf2c00f9c047e8c992ab6659fac10b780d4
SHA256 92db009ac9623be9a24ee282464f6241d56754467ac402eb9d9498ed57bf9790
SHA512 9c96d2382e0880997d9ed546df93d6a178ef7118be03253c6c38dd61b536a24a1bfda474894f0d7ed15da6a40b02d860134663d8bb10a9d27638d0a0c480c05f
-
Filesize 6KB
MD5 9b3573a107522ecf3747d6e50fb65d31
SHA1 8e3cfff91bc35adb0dc4a63bf6c8942e025805b2
SHA256 6c4f6db269b5d03d8b25cc81ed7f3322dfd5441d11efb5605dd7572a48017949
SHA512 75e137455668e2c0c4bf15b977dca32a9b58018363885a1ceca7c03d8d392efa54be60abf4c28b33444d03afbc1abb00c8bfd10ed10d2b259de10eff4ca83f96
-
Filesize 10KB
MD5 540c82a679b0e19694b395b682715433
SHA1 7523590558ab640215314e841d5952fdd4f98420
SHA256 a970ece05939f23b5dfd93fdd3382da5cf7d9e02cc7f745c8c10d3defc933404
SHA512 8c773c84e48be9ffe136a26c7e4af1105c7e950ff7ffe4dab170796ab52bb89e729b1edf70b64a0a1827277809e60712d2b5742093a0f9f1a978c79083cc4524
-
Filesize 12KB
MD5 f6fa65dbadda8799b1580ea09819ba3c
SHA1 3ab73b9b3547c35f0913eb7e21ebd9e8abf145a5
SHA256 cccb8c92ffd78702665d7089bc2675792fe8c001897edfc7f09d2c26300b6cb3
SHA512 dc05f78f3c6c427e0f1886d97f04881174cc20c391bedb1901b97436ec039f2f5a35453af2269f1a4278552d1d7fda65315e033ac0bebe3a8a12ce61c0f50eda
-
Filesize 2KB
MD5 1b9843c145a13c85af29b99129a1cb57
SHA1 74b0c398579a9bc40e3f311d8ae4663a67dd0d5c
SHA256 9e39564607453d6ef88fe842c2594cb13d4e6b334ba7c4a60b58321c00bbe375
SHA512 afb931be90c85e9674b1fd311553f9ea1edc03aad691b98a64cb88aee2f6d1f3cede83150d6457e9e933934fe5aef865e9d21b1c5fb6849317a78901af1bf9eb
-
Filesize 2KB
MD5 6993be6399960d10ebe65857e3235ef3
SHA1 f86a007265642210e510c957213ca1cc988b00da
SHA256 5846e92c8a23f378095a315a41558254ccec3ecac56fff271639f7f2e1d7f2f9
SHA512 9709556ec72bda1db5b0c6c5c1a606f841ecd30628b86ad2061ad446914b01f7d06e44a46bf09905c755f24ffc47ce9265da90ee78eb9453a83a89a1310355b1
-
Filesize 2KB
MD5 5c7f77dea53113d6f5b5f25c6ed7cb39
SHA1 a77a0e298b05dca9edf95a495a8d026f25e5083f
SHA256 f8a098894d5b620aabe437f990a93e20164fe94371ad51ab68f3a8ff02548a4c
SHA512 d21b64b42cb6f5f2fe7e5a63337573f3873823b00af7bb4edbff580151d68354541352cfccdb24c157e84eefb416fad21baae4cf509982d5a7c13881854cd0f2
-
Filesize 2KB
MD5 01ec02bf31672d20bda41f463a676dff
SHA1 19aaaf7c64ac6025655f372121489a029edc6713
SHA256 fcb4c776232d8b35fc50b3b83ac019d7b4a168753f53969216be1d505a8fc9c2
SHA512 f5f74f0c2b275a0e0207204ce6c60055154eddf06517e6e531e52c36c1c55f1fc73653bb68013d307994dc05a6077c02746169a5e2a411bffe46a5c53f9bc606
-
Filesize 2KB
MD5 35b9163b5b212f7ee31873a0c62426bf
SHA1 48489e53b45b8f0d9b9dc9365e357dd60967cc27
SHA256 1049d094ee1731e90c43e59be82fadd0fb0f33f741bf97fd1edd3b5abe6799ab
SHA512 871fa3568f0d6fd8197a5d6f50b30d76e1fde047ed84a4315b76e2393d7097d0508d6f015b0ea7623f713ffbef994694d90818ee9379ebe48453b380866a1018
-
Filesize 1KB
MD5 cd1535eece74c59924e2176b7ebcecd4
SHA1 152bc9983863ac2b06695f9b55ac0cec393e6db1
SHA256 f8b35e1d8b3c5b9e2c35280bbbd08657e85fa65f08b41d831e32774ba27de31a
SHA512 3919f9d4d7640d198cd94d19e1602bfda4481bee00e086881145bbeaf277e19681ed17745c2a7b3340d8654b6ec8d751b807feb8510288c19ccbca566ce62434
-
Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize 16B
MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize 11KB
MD5 670c50959b5618644885a8549c1d8b1d
SHA1 db05764b554d67b77c1b0e2b5c951621e026267c
SHA256 2a7be490a11f8641c40a0100bd13534085f6adb70faa2d4a631d00e1d150fb74
SHA512 044e4973e338e5b8b5133e0c1ca0f38feb03633c626f8f56ee1657c0203e711842e5167c37900ea6c4b28f343a545719b2f7ed804b0f57f8eedbd18f9bc07099
-
Filesize 123KB
MD5 a6bde3ae93a7a79f0b6b61187fc3986f
SHA1 44aca35d22e178d8bad00c6ed8aa65698124cc4f
SHA256 08872c033d59f99587c0fbd115ae192a236b489f6a22b69a68be862a44adac30
SHA512 d04cd7c5759adecfe2652ce6a733ae3d1b84bb055e67a94248480fabd2f2f11f51e8a425cda7d7765bad28946b5d7505ff676171da0ac009ef28ab3aacc82b24
-
Filesize 1KB
MD5 44c1c300ba88af636d1ad63c364b4d1e
SHA1 3f86508f9c6fa51e92a0dfeb263cd601c7577db4
SHA256 e1f36e3608af311b86ead538609388cf85ad5119e11056a5475a3f1ec1a37ae1
SHA512 48479084d3884360f16dac1845877aad59e0d8eab7df0569d96167393fba09787264c0be8bdb72db2745ed6fed463fbb6fc5d18d8367fa3b349d27a81e64b25f