hxxps://drive[.]google[.]com/file/d/1LKRAovLJOBrla7lm8ZSMpEWNc-fkzjDw/view?usp=sharing

Resubmissions

24-07-2024 07:22

240724-h7lctathpp 10

24-07-2024 07:19

240724-h5hh5stgqm 6

24-07-2024 07:03

240724-hvedqswhlg 6

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
24-07-2024 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1LKRAovLJOBrla7lm8ZSMpEWNc-fkzjDw/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
3	drive.google.com
6	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-95457810-830748662-4054918673-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-95457810-830748662-4054918673-1000\{E6985EDC-1A5D-4AFD-B5D2-3D274E7AF3ED}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\23.07.2024 salı sipariş listesi - 10.jar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1784	msedge.exe
1784	msedge.exe
3128	msedge.exe
3128	msedge.exe
1440	identity_helper.exe
1440	identity_helper.exe
5512	msedge.exe
5512	msedge.exe
5692	msedge.exe
5692	msedge.exe
4524	msedge.exe
4524	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5728	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe
5728	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 3456	3128	msedge.exe	79
PID 3128 wrote to memory of 3456	3128	msedge.exe	79
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 952	3128	msedge.exe	80
PID 3128 wrote to memory of 1784	3128	msedge.exe	81
PID 3128 wrote to memory of 1784	3128	msedge.exe	81
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82
PID 3128 wrote to memory of 3728	3128	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1LKRAovLJOBrla7lm8ZSMpEWNc-fkzjDw/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5e663cb8,0x7ffa5e663cc8,0x7ffa5e663cd8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6412 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3280104637102369002,10739891502629650245,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5728
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\23.07.2024 salı sipariş listesi - 10.jar"
  2⤵
  PID:2240

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\23.07.2024 salı sipariş listesi - 10.jar"
1⤵
PID:5856

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\23.07.2024 salı sipariş listesi - 10.jar"
1⤵
PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc52695a78aa4e8734d73b7446ba59d1

SHA1
15dfb5759ff566206ebd6b8a864e9e43182d7f44

SHA256
fc18d4b0cbcbb89e7f9cbe630c18c94ddecf8b59e74718cc5ad1f66fe638cf9e

SHA512
dbddeb1e9678141910933db917260164cfd07d5f2fcf3c7e82fc2c6db486be7dc47fb193a676e7a23d4ad6936c946ede8def1c555332e41a829d94c207cbfd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce971e4ab1f7a51b5b9def5887018d15

SHA1
2f280b61a4c3297a3129d59b84ae971e90fdf9d9

SHA256
12e7606eaa7e67b697c8b098266fcb8cb066cd9f8f60ce43ba8405102a63af1b

SHA512
5358fb373e7ef29ac278c33161fbd06b4ac59b24be16e4c34f37ae88383655a182e30fa71cb7881cffc3af5ab055aad25d57f53f3114e6d79b946dbfaa228594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
505KB

MD5
4a3738422eddc3a0a254172e07e71f63

SHA1
f2cf7c0776e626b3ef20b38980f1969f27450eb8

SHA256
8546c41b103f022942b3bb4c4d379b199f81504d83f515e57852424bb199ecd3

SHA512
0be66fc4e78bd86aee60f7fc3842ef6f589e5f2f8d48dc23385853bb5e6007a73906f871daa06ac3d34b82a358d72b7263546e0e585498feb9e39ce89eec634d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
53059c7ee34a88f37beff2140dbfc89b

SHA1
fadaf4d980cd6f0dbde051c3b287166b03785c13

SHA256
2f52074a21e08c587743d42ad7383925e3faada8a9ebbbcbc81825ffa74dfc07

SHA512
9b3d228ed139f0083db7bef719a8885f580b35d03a1f10bfe2dc3348295a7e8000eba74113017f132be3b5d273cbcca33f022699fc99d98ab7db22b7874f8020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4c568410c80dfbc06e053ad87b52fec9

SHA1
b8262cdbda7e76885aa921f2fccc4e92d1d3ea4b

SHA256
46d3bf65d66e5142f5e71ac52659126fc587f9aabf69555c282890dfc4ba8aa5

SHA512
bc90a9fa7403ef78178a589c6cab46f395cbe81b5ab292b4f2026983fc9f95e0874abba616d0d1f7761a04b0df232c8afbd03580acfab149e5c8d896fb3a0bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9bbf4933dcebc905d74c539d54bf70f6

SHA1
62e44c7d201933f0ddaba165d4ad5677b281cdf8

SHA256
7eae6f8edfa40eb66162ed5ec39306e544e088c4a80694963c9a63989dd06329

SHA512
40bea71fdda4959fe7cc997e80a90f37c1d5e7e3fb890e3e837cd330f3e631fc8e5b7ba6e59a3b68cb8cd07bb095660bc1328d2b333f6bdf8f5dc073b7136e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fd716d967824f81c21c2df16ee0aad66

SHA1
5890d802adfac608efcedba98410c7bc74a4f1db

SHA256
1dcca041ce7fc5908d69fdaffbfc940343fd9646a199728ba9d580ee6f7ca7dd

SHA512
15feaefed7730ed21952f1c052135377069ddda726752f27077218608a4d5528aad4799d8299e2ef556b7c842f39b22b9ee15a42c6372017a5f02fcb2e2e7813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
75544affec76db42fc783dd1d7028ea4

SHA1
80e7d3419c051dfc63c76d1ce786bdcd1a2085d4

SHA256
5b2376e93d5de0fdcf898a4e45df571b72d143fc0e5eff087a10cfd7a5de07f6

SHA512
2dc46d82e83df11f3ea65b80fa29ff1e84b97744947208c2d8a4a3898a473f615b58d829a17123fc5dc10372c0a5bdf2dfd456f63100290c7e524444eec2baa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa02d64b967db99df6df603eb52aa2b0

SHA1
8e5d5fcde103874d2cd745f72f6aae83faa7bb88

SHA256
089cbe1eb5c57a82a660a2fb613d507fe527bbe1e1e2bab85568fdaf787abc57

SHA512
5ee8555407c2132303a141858eeb75c0335329ee8db92142b80e3b7ac32eb1f2254e97407ec5a3a6b14e036bf0a534652ee23be892f39c0c9a351ce14d0d7d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2c724375c6305934c9da3c45d07c4c6

SHA1
3daad8bbaa9a43dcff46c3050de4c994ebb318ae

SHA256
8812838308cced8e0bb0c62b4a3271e5df22a1a5073673c09d7832fd93215c4d

SHA512
e27e6912cf289e688e92f5a47f7e310b7b3a7b26be2bbfff8a9953758786829e743f4b8351a5e08e82db27e289d5b714484737c8f0a99f7a4c627b0ec9a3218a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4840c179b86b40a40e98e048236d9036

SHA1
b22ac02e93f05085aa102785f8bf6e263b9f6906

SHA256
5fa04e250e09df793af0ae7a3d1ff62bcef7c30b5d34406209c09dc7d39b3a5b

SHA512
cf302cb79599c8f48f769e0dae4fca72a8acc1963d91d42dcfff54e44a07857d884c84ca288e519a55c3444be23eb05e964f4802b83dc4b5cf0fb8ec779f19a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1ef34e5485500979aec17903a8a45791

SHA1
df85b4a9fe35525783ceacb03158d664d1a28c79

SHA256
c45a412d803085c437e5b94881e5c855987bace8136d95aa6aa4a71d5a42699a

SHA512
eded465ef445e43f011711ca00e0b789551e40709c636a40ad3b43d139295f201d576133e7c09d2559bb7acc0274aefd69233d1e981b743a5aff0f33ce8ce717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6d15464f35bd6956f3830b9a0dacce67

SHA1
d7e52b8a7306281b5ec0e578f4ddee25f42a07d4

SHA256
5b600e3528377d9527eee26de73f677523d83628ea1abbba46b645e7ad8b4565

SHA512
3e261b1bdbd69eca95ee1c13ccbccf1bf19584a9f0cb8b513f5d09384d964765fca3b1dbfd21bb5220f992965947a0ad18eb63f5c35d766ac3428e6dcbfb2d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
065ee0ed4663f09888dddf392fb05551

SHA1
971ab6f98067916ab58a2dfae78bf6a0b95ec519

SHA256
bc4129089f2ee4305de1d500472d3440a61ebe322171c906f08ed5478ce99b9a

SHA512
0dbec70721ddfa84cc005715a338390d15edd96643daef775bf337d4bb0c50d097ab6186335ea773aa5141ca1f055d4772dbb9d941ebad23ad3ec9e13360f5aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ebcd764f2fc3494b13302286e4c06a5

SHA1
92a0d4565373c4e844b72cd1440fbfbc43e45da2

SHA256
66964af446afe645c5ecfbe768f77a04932c71053ff122346809f963b7a2010d

SHA512
cedca1fb37ddffafc894b5a418d148b14f86781085dbf430ee9902ee7670a499bb062ebe83df92e603b54e605ad529d79f4089d955149283f7811a2d083cda89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
21f449c690c992139f2831fa4f904afd

SHA1
bb968d7c7b0675af513f77e9b3b6d0a42247be22

SHA256
c873a62b775dc22f949b51a2d6bd7178c8c3d0357590e04bbdfde374d0bb3be0

SHA512
298c4e6788ff2293fc5ea25fe3b0a931fe33f34384a5c991616184e809d7dcc43dd89a0e97c2956cffa7368d1b0b9467ab69d08ac580dfa76978ce378d41fbd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593956.TMP

Filesize
872B

MD5
9c7b2cb179040268a7437e487f323010

SHA1
11eadfc23f771d16dcaae502aadd3843a115656b

SHA256
63a03a66a0fe3fa767579a1aaf4a3e82604770a57e2ce24d04163da9eb3f715c

SHA512
934e155489abe637b841148fa0bf19c228451e11d6891e3f66d67cc0c25a6daab69f8b6fa7ba97d92e400fb6c6b1541cf28659dc7312f1edef648b173dce00b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
667998a2c531c829708b036672422812

SHA1
8e1ab74f1090ee65b5dae08250a6602017cfcae4

SHA256
b50c5297f18940058446af265be8cf5ba1a7f79932893fa344546f7cee8fd780

SHA512
8dc4b2fecf6335305c7c86d795b3599d342ea00170ccb608f60aa4b9ba723773b41edcdc33661f1b054147c20aecbf5f350d3ad94e2168ab08fc2c20c18450fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
358717949e6173a5fa17dfd452bf3ee4

SHA1
ca3ba37607ac536939fa73c5c55f9cd8b2dc1c8f

SHA256
e2f02c4eba093450579e1debb547ea28d7311ae1627d4112e208331ec6aac6a4

SHA512
6c661e92e4bae6af1613a24410ccd3d1e4d56a6ced9a030e46e42f32ec569a12eef89349215acc41c526a02479747d6f8d4b801b1479968ff1228c9c3ddb5038

Download Submit
C:\Users\Admin\Downloads\23.07.2024 salı sipariş listesi - 10.jar:Zone.Identifier

Filesize
65B

MD5
1900eb98aa9a9c242098dfc3f8e8cc37

SHA1
b9aaccf15bdd2babbe1bdf5aa91e595651c7598a

SHA256
b815336ae77e2a2993088369af959f66934d50e51ee4d155bf573d02815cc34b

SHA512
9410fe6c09b38999756c176a021fbffc7b63a9eb0ed443559a7f3926a49cbb813cf3fc4d4ef48880e9c5e4881ecb5fa33f40ed79c8ab26e958400a182e7138ab

Download Submit