Analysis
-
max time kernel
909s -
max time network
896s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
11-08-2024 01:09
General
-
Target
https://drive.google.com/drive/folders/1lylho9lnQfhC8a5_DP03wf2RCv5ZbRap
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 48 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 16 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1lylho9lnQfhC8a5_DP03wf2RCv5ZbRap1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81ca93cb8,0x7ff81ca93cc8,0x7ff81ca93cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5596 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5732 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5784 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8624 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,12908790428753917075,7852428601735904793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe"C:\Users\Admin\Downloads\dnSpy-net-win64\dnSpy.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD555540a230bdab55187a841cfe1aa1545
SHA1363e4734f757bdeb89868efe94907774a327695e
SHA256d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54
-
Filesize
230B
MD5d14d4cf63cf6757799058b4d45f52147
SHA170dce6fbc2345e5638fc56c4ffe1c9f616c995c8
SHA25670c70253f2813ba8cdc0cba527cbf0c720814e7dca437654729eab0c9933c7db
SHA512fdc2f3e4923f78983f2a33662572db45eff0c98241157ffd5e1548684183c5349726f0d75c43c6da3c8cf350150bc04b4b88ad9e7c44f1aead98209401a1e267
-
Filesize
152B
MD5026e0c65239e15ba609a874aeac2dc33
SHA1a75e1622bc647ab73ab3bb2809872c2730dcf2df
SHA256593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292
SHA5129fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569
-
Filesize
152B
MD5228fefc98d7fb5b4e27c6abab1de7207
SHA1ada493791316e154a906ec2c83c412adf3a7061a
SHA256448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2
SHA512fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56
-
Filesize
28KB
MD5bfb4ad144233248db8f0b493c9f53943
SHA175f204ac49008ca945d35db03568db5ffa2ee27d
SHA25657819395af403b8697d446c0ef64388fd0f4b33af5647bf8a79d0616cd903393
SHA5120f5f4ffdc046a81da203998f22ce0f156036b3c14646faa1b1c30d6bd0cf5138b70b3d5ac60b2b6eed36d2beadc108b78119f757bea84705ac71a8f1b3d4dd6e
-
Filesize
210KB
MD548d2860dd3168b6f06a4f27c6791bcaa
SHA1f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA25604d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e
-
Filesize
246B
MD531873c873c972b58d358e3f62d85e604
SHA1a630b2d6cb1ee63b5de7e699712d9331b03e1020
SHA256936904760d2e7b68dd6feaeb5c83fbece025d4fc6eac342ca162021fbdfad0d1
SHA51262e1ed528c33cdf4b434d181d8faa857ecce0cdad91fa14ccc1083a082d09f3e9f0e304069ed75016ce66893776574448f77cf5c17d4dcfdba95f482be99f17b
-
Filesize
257B
MD519a3f8fefb573b41da88e3e778f36a44
SHA1e320517793c316571c712373908d76923f67b9ed
SHA25639fc3538e4ffad6a6efe5a13b89b09f44d75453d9de85d36a7c987fcef251d1f
SHA512166053445b1b92686b3fa4e69999b177f7a194a2d6ca08d91a971a271e889a73a3748e009d9f068cb2c6ef8d364ffaec4dbc75771cedc115be7a119588f836cc
-
Filesize
4KB
MD531c20becbca125de1c8aa71e59e905da
SHA1c3f04977489b02d5d2a8b8eb9687deac06ce6297
SHA2567a0b8c314a57c432b30b32a1acce770e161291efb5b3471225a651ed58e80028
SHA51252164f598dc4b91963cfa103807e5d730800e9db26d6e773c9dc4dd317254266027b4214225dd64355c2e863fcc94829d1bdfca6e4a34b4d6de324e97edd48b6
-
Filesize
5KB
MD585b53c38ba8916bd33a8d1d70f7718f4
SHA1d5b96aaedd61cb76be314193516f497f301a12d4
SHA2561949249f4b630ef9b40cca85ce98cb2cad50e129e132eb053913f8caf45575da
SHA512612effcb13ba9651d68e195131a6b4b57a48e2f1874042c0c77a69fd86be73d39b77ebeb9d5ac1d6fcc25f9dcb990c4704c2d6f978e600b0c08d1d77af59a77b
-
Filesize
5KB
MD519b97cdc066280734803a81e462702fe
SHA1e76c27ebde3d1e808fe8620e3d743f12c770f9b5
SHA25682cbe98ce9549c1408754d9707eccaa506a3bbaeb55a829edd2a6c047d176685
SHA5120819d5d904958127c66d0b86e871f31a7acebd8c3ab136dfb4a691571137c44ac235f4807e0746d80f10c6354ab1f864c23d062a13e0424745fc2cdc80a841dd
-
Filesize
4KB
MD5917517c5ede744b566e43b3589a141ef
SHA153ff8e07db80056f459811a87e1a7a5919ecc738
SHA256d4f086ae50fe16fdd867eb08210c6511250e467885482f775f4693325d8e5a2d
SHA512043947e0bd317e4225b480ca24fbb2dc5e57f5050aab41865a3d4052995f91c49b3dd7de3fa63d05e6b5437d5bab1ffd5769bf7a25580d0cd25680485c1e50e2
-
Filesize
10KB
MD57e770242ce16692dd7003255511af665
SHA1b6f9cc1e24cb63d5d3c5590c069a752171379611
SHA2562cf395707d287e261ac2ff9bad04b8a8837412e4db1dc7f99f1344c97e60263a
SHA512cc0ea6cde02fe3927ed283996323c759c9cddc8b34d6bbc6ca10a660b6f78d54cfd513508e8ec4730d5fa8676894b50270a0842fc132d3fd9f164230ec5cbec4
-
Filesize
6KB
MD5a4a2401f52fb6e39fd3ef0dfb97a8e46
SHA11d0f6a58c533b06b6be8bc6114ee81238874310c
SHA25687874e6bd6aa08c20ced7c37693120e2d8378ad48472e5b95cc657c046af7e75
SHA512a859f241b8511a1d043f2a53bc3475671c578dc221f14bd62aaa44da15f58e3eae721f62c3d811c142bec01f70a4c93326c30ecd64127c12e390acd73755c943
-
Filesize
6KB
MD57e3281c9e0470c5cbe15bc9a7e15bd1d
SHA172d366db24eefbcbb7022bd86f40f9d34e686482
SHA256a11628bb4daa536f8bd3b91d904f9e56437d701fa0a4ff777c6cf14f66fe2b9e
SHA5124122864cd259dec1acd91ad86c7b18d84204b4778a209d15f8ac49b9576a2eb1aa05eee846291fad8b6f0ade3dddfa9a5129876a748e52d59ec1b7936d6cd8fb
-
Filesize
9KB
MD558847368a0724cf187921f2e0114be6f
SHA100085587e085aa890a26f1c7533887a1ae26d882
SHA25649750de6e1839100070f35ebc13d48218f60628a460adf11869455053c87d0d6
SHA512c744b974b98f12798ef014dc16c0d9e87d606ad32da126a03afbc56cefc58ab5369002b00b64cba815fdfa74f126eab46f066d040b7ab8a11fae921fb64659ac
-
Filesize
6KB
MD520c11e934617cf43312b0abc03bccdc9
SHA1dab15e837ecb86310ab4089dcc05c37a46c7e9ad
SHA2565f0f16b36d48da7ef37c30f0eb8cac06d5c1964ce0fc4c7f5c8d325dd57b0b0c
SHA512c36ee3645b7ff7ce5b142f246c2dc407734fb03170988ee6f2dc1e868a10c0e69ac0b6e4da857b609360d1863eb10d24e08697277addf7eeb4ade84cb930572e
-
Filesize
5KB
MD5c5eacf556be23188dcf13c64f8323c2e
SHA1855515b5784fed6cc0575f01e1d0c63fe41f3fb1
SHA25699b6d38639867cd23d6731cc826b7265e6788f4d27e1c96dfaa18fb22b15fd7a
SHA51272a562d6265c6e78bd4bb0a5eff4757e4dc65c4b6ed0e17414122c53a209ac79f01d28eaf12b801d62bba196a0c34cdcfbf31f5f6aa985e638ff08400ad264ea
-
Filesize
7KB
MD5a23e22b46fc80482917a62aa4a55832b
SHA1a7f577b1654d5f1765fc1965ce4303cae89cd8f8
SHA25600bb213f1ff40a9601ce75f04b47893fd0257ddbcc0fa9ef1416bc6c5638d225
SHA512b2b78e19870214e60a3c98a1191ab0d2fa2da60e1fa3ce6cdfe038cd4363dceee9e674331e0c5667ff61cfab90009b84f4297e3691553da4075e6f4cc8e4ebec
-
Filesize
2KB
MD50c67c7e113b035aca04546ceb6b5bb6c
SHA1b31a89f0705289734464e920ba8430a47b73651a
SHA2565c351099c792577f85c3424d9e50a5291a924276c66d77cc60f9292120791670
SHA512640866872bb29e59a909ef3d72f83204b72947d7b05a616818506365a6caca189b567b60c479da90c7ad2f1a3daa4b8f2191452b4092b8a4f5b57e16d92f31d7
-
Filesize
2KB
MD51c4926a9ee6e24527d156e396f68a413
SHA12d0cb15f69483af8c18197725885483697576314
SHA256d8c9443a83008eaf6780315819a8244ae378d816957f3334e5a332cdc42a86ea
SHA512ed071cbd3988845c022dea9f96c225eed36d9a4cbcdbd006c3d5971bea7dca7bab7f9ec7f98491ccc3d314bf783190329de106001a2ebe27c8bb848696a09f3d
-
Filesize
4KB
MD50773e2edf4519096001a3cf649edb8a7
SHA1363b01945c4de14980886c9faaa41ea081b4c7a8
SHA256f93af7fa6970450d220d687d13317d89a4961ce793d90e531aabecb4ee74dfe2
SHA512512b7479537c27c23154c05ffada00cf70d51f5f4753ed42a73c1c1a83039a11e6f01c5020c08fd8e9e1c895ee228dc1dba0bb316c27a7b2980d4482d304fcf5
-
Filesize
5KB
MD55b7b63fd9bbce4457f63ba06569ddeff
SHA1757bcb0c1691aeb7a2a6178cbf12fafcd20f2e00
SHA25653152dd9a881e54946770e02a9a2e094729dc29b0d1c063cce0164dfeaa97c85
SHA5127f01b8d379e5d76c57500f1deca4879fdd072a5af3d2fc8ae0309429154e5d43031271cb5fc2011fcb46e637058a78316044178379e4b0c942d13aed128143fe
-
Filesize
5KB
MD5fc7c49175faf058608df1b98d9bbbc4a
SHA1a7788793c44057abf35d1e0fcf2973829bb7d04f
SHA256224ae2f1f28b0ca7a44ba7630ec0de09aadd34030a73bb47fd3c60ec2c4de583
SHA5129809a17453c06576cdf4ef527b6ee1d53791d032a97d82a7bcad89ff0ed3fd6e4e7d5a3e20ce69d5f532d9b5591492c1e1cb76d9a8318e3ba7df0c195f26b86a
-
Filesize
5KB
MD5b7907bae01f7601678f7c39e92474f63
SHA10d65e1fa6c8d30b488eea5bb0f28c8c25b2eaa94
SHA256907359c0442b653440139984edb5aea7eec5009621ec93a490ac75fb66892cdb
SHA512184baed1ea2bd4fbeba3588cedef2dc0e9215d2e484738607f549a730e93df26032cf2d3e8732ab580286ff9e58f52c41097129f183f1feb947cde8d57d5b706
-
Filesize
1KB
MD5232a9ebad072609ea998fd76622fdd62
SHA1576c8c7997d94ca478c706d0a01f7896d83ea4b9
SHA256fbe4babbfc61497cb975d650cf590acd58e8eeed9e7fa776757fa876abf07be6
SHA51222c2fce1d9961bcda224966d8e3e663925349dc56b48d4002b8c61780c79a55f09d0ce179754ef2f6b61958b2733a97881886401946db2d952d4b192251f556e
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5ee4cfc0c199f62cd360fe22062035185
SHA1b1f1fc6919a9991ff1f8ab534036f65f27523375
SHA256267f895c7d9946fa746fb6b60476d1d314c95ef885e7f15ad555a0d8c7eb1579
SHA5123b6df4cb36fbb40a6953d9d7aafcfcc333cbfb12cb9c9a0e14eef6f133e5569007078daf7418f505193286122ada96fb3d0b685446ec01b5560387bb5947b4d7
-
Filesize
11KB
MD52f2df9c5f5d098e1c13412fadf11b4a8
SHA16c7b24db65e212fb42e82d9a6206ebf7efa8c23e
SHA256f9691437b1609c77fd304124cf0981094f2f78e6570a4f3114617394273eaf33
SHA512be6e41b1150b11b4e5c40acadc1ee7943affa49f4d318c7a205afceae76a47a3c92190842f767d0cce0c0d063cdc3818b0e12ae9d52f497ad9545caedd34145c
-
Filesize
9KB
MD540397af94efb93d8edf6947f7a6423ff
SHA16044c0c01341b78270949a5a6e3f22a381ea79d0
SHA2560f349c10bafa9a43c191cf096c6cf924d0bdb6ae22ba206c3f655756edf8e4e8
SHA512475e1dc4041a4e6c4df8ccbce375745be311298692888376375b357733aa920514754948c21005224cf87fe7ad8308352a61115254fb484ca7587bdefe296e3a
-
Filesize
186B
MD53b6625fbed2776793ccd7f52b4de93e2
SHA1a1b45a63539041671e2ca7c457de15c5549e175f
SHA256a2589b0c4128f50d6820dadaff18d0db587bc13aec4a6fbec8b6e8a195920697
SHA512a130536eba7b66bb32335c7b1daf338d872eb7d581896a9192b9446bf6d0427f6d1f8f7a1ae667547769291092d6d5f7e12be7806cf39efdfca339852dc6f13d
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98