bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Analysis

max time kernel
1672s
max time network
1163s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 724 wrote to memory of 2712	724	msedge.exe	104
PID 724 wrote to memory of 2712	724	msedge.exe	104
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 2084	724	msedge.exe	105
PID 724 wrote to memory of 4304	724	msedge.exe	106
PID 724 wrote to memory of 4304	724	msedge.exe	106
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107
PID 724 wrote to memory of 3656	724	msedge.exe	107

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
1⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault465006e8hc419h49aah9079h9c353039bbca
1⤵
- Suspicious use of WriteProcessMemory
PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8e7f546f8,0x7ff8e7f54708,0x7ff8e7f54718
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,2703842371332048562,14308700659458738025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,2703842371332048562,14308700659458738025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,2703842371332048562,14308700659458738025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6adcf35adddcbf804dfde58e2a7929bc

SHA1
7fcddd8f227881f16c660d680c08a24f0280db9d

SHA256
e5754999fc00cafbe60409b625d89454acb346f6fb43c93a496b63286e69c555

SHA512
e12d7f389e7a215c8eeb2d101c319b239f7798a25392cc191754d1a50148a77ec4430d829263e00695543aa5b81a86b33b34539c3be2267a8bfa1f7bda67addc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
93eacf1bba21bbe5087ec633a28ff836

SHA1
9490b701cb2a8870384a487f163a3625d880899c

SHA256
9f49936b5ee2f13405f024aa9eb9a9b6ed531f598e05fdcae6347b6de1ceab88

SHA512
6abf49e4e7da8415ad971cb59269e3ea2cfa61f04eb2d4556a0f5b0b2ab5afddb04147741795f2328d14bd26d5f2ac7d8174e5a1c6e1827e08bda3fddf1fcc79

Download Submit