daae07490831bceddafde61b3a1829043648e5ca24778b4a69ffab9829fd97de

Resubmissions

11/08/2024, 21:28

240811-1btcnaygrj 3

11/08/2024, 13:53

11/08/2024, 13:52

20/07/2024, 19:16

20/07/2024, 19:14

20/07/2024, 19:11

20/07/2024, 19:09

20/07/2024, 19:08

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c12.html
Size

7KB
MD5

ed05d5b3d7de3d798bf68dfa44fa4aca
SHA1

8b93622287614b48dff54351aa6f956a6c670b73
SHA256

daae07490831bceddafde61b3a1829043648e5ca24778b4a69ffab9829fd97de
SHA512

d256bb6ac71c7d82f31c6d1e5c13536ec9c81ddb3c5060c017240be3ddf2a3f9a966924add381fcb2af26561dd04c7b593548b6fb271ad52c0c477a0086361d6
SSDEEP

192:xosfzn2lcWYAA6Si6SP6g+6k12045Tw8R2:xosfSlYY8b2k12j5Tw8R2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Virus Maker.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
2656	msedge.exe
2656	msedge.exe
8	identity_helper.exe
8	identity_helper.exe
5960	msedge.exe
5960	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe
5624	Virus Maker.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 3008	2656	msedge.exe	85
PID 2656 wrote to memory of 3008	2656	msedge.exe	85
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1944	2656	msedge.exe	86
PID 2656 wrote to memory of 1840	2656	msedge.exe	87
PID 2656 wrote to memory of 1840	2656	msedge.exe	87
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88
PID 2656 wrote to memory of 1760	2656	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c12.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd171146f8,0x7ffd17114708,0x7ffd17114718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1952 /prefetch:8
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10188817643583173620,6495449115461230129,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6376 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Temp1_virusmakersource.zip\Virus Maker\Virus Maker\obj\Debug\Virus Maker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_virusmakersource.zip\Virus Maker\Virus Maker\obj\Debug\Virus Maker.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:5624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
736a2b20f55f12c965556fd986160bf0

SHA1
8f919c2215413121b35883b2326b2cb3d0318105

SHA256
d46f5ac8bf49772699c38992f4c4a463de40d1da05fa81e2f30ea8ab512b85af

SHA512
e0f01926852f0978d23c09f6316086012cc2ebef5f94505328cef8f0278ae7eae574db36ca53c891cc2e8cb12c05cce24db64cc9acb08d9bbb978e73d26eeb19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
323B

MD5
69628be7a92e13054f59cb0337aed1bf

SHA1
c7ffaf94f5c762c14cdc7ea478e85cd9692993de

SHA256
2e815f97fe349e49c91db86b6861f209949e3c48923eb46a45d40d08e07390f8

SHA512
19b3cc29db74534ab5a95e0d1b467e5a10db99b18cddbe86f4e639d632401107a986d7a7c38d361e8703a698ebe0bbff95a1dbee7a32f68aabf552327a0dfcb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9bedb43b5fc154e57b1957f3e510801

SHA1
5bf4a6c0d95e30d6573937cd96769cc7a360076e

SHA256
802e2f97279ea1c1e5236fbe1113661a808a4feb7f25dc1c4afe1e8b5ac0a5f6

SHA512
b88cd29acc578fe4755549c6fcd2e7ce7838eefd289c4814b98d750e0f0f64027aafab14d69b86383b52ecb4ba25892a781c1c90f4febe6ce41ae3451f872fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a17aad8dfc448b0dfa8fb50c8e37a025

SHA1
e25bb5c4cd3a8aacbb957d58e35a1ba83e9ccc96

SHA256
182c78447c2b9362b09c6c98095dcdeaf9c94ccc48db71cb5783126ec80f26d1

SHA512
b14c994d24e4adff24d9b3f9689f0ab3bff2ca36274bfc2593a34933d51300a6a153aa0da972f02fa7f732169f2a9f042d216d75cfbc6d0fa105c16167514ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f73e105c3ebac68640d955e11c55023

SHA1
44fce44e757ab4e702f6c6fd3360a9107f41304e

SHA256
160e26f320e2cb1259221ac8e48fd74c9edede38a23c46e862e1c6f2fed08897

SHA512
3ce1e3aa30972122d99538cce1b4dca63d4e2c212791a96c9e22df3ec6c0057b4035cbfb28bbe36843f54b4ef934f1afec7fe92fba1ff63908a1b0e30e27d7da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e51d163ef25aa1a05d743a61260e5ce7

SHA1
d6a2f9089cfc1928cd6df270aa09bd1f9c4a2a86

SHA256
e667ba1210e4fcc6210b95d9604adb51de654ed363cd6f3efa4a087d65365b6b

SHA512
2da1554e2e0f1ae908c4a6df8ea4382b9b396d1d224d2d928eddc5280c2fce0406d37fee63c6693e39b4ec9f9f8075b4bd9c4fc1cc479de245d720f7fa36bd55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c3e5c9a6995bbe725e06e4fd26ec0d64

SHA1
69a924a8e85ae93a0cefc0d9c2c390323a335519

SHA256
565c41799733318fa29fbc11a2c7990ba83b99730f1966d21a80fd29a2864c9d

SHA512
8c187fa347581ba13eb29f2e6c3cefa4914e1208cff4fade8556012a84898370bbd0708adde8f98af67d4de88e153c4e0183471b4f35f7c0e71b483ed23b9fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586404.TMP

Filesize
705B

MD5
19811e87f38f302ec071789239f367ce

SHA1
275ad8e3e6e6d4f3041d8ca4b83d563a8c885c1a

SHA256
4e7c7630be55e095c6436fbd9e54e10d095e93a82c94f0bc1e88611e0d02c3dd

SHA512
bff14a71e4ae4bd264c426bf5e67e19533d4418585901a1820227de7359c10c1b2b13f8f11b770c01a2cc783a52dc3ebddffd258d23680879639b1d8a3d170a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
49a428d58b2eea3b761848b0348c90d5

SHA1
b737be5a9ba3a49b0a679d8b0816d8b81ac1c074

SHA256
5e2f61a5745459a4bbab72022800cc59777fd673d48eb08d5adf3919c75508f3

SHA512
6af7ddfd13c7ebf3dd459caa925a0a4e29e189389ff6f06144b7274a6586f1db2aa0723520c4fe4938feb50847fbc9f6002eff5d2240086ed3f1ae889d499e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d0ccd7cab4acc02a71393477e16a619

SHA1
f27c8d7147992a602ac00f49f7ec67489077e915

SHA256
03dc1fc66662fdcfb6e2e51843c1a8ba74c4d3d260229031e5460d1e35b8323f

SHA512
870f13a5338eb234d34d6f91035fe39497fb98356fcd87104370049912a35531eaa0fbca619382f18105a190fea0dcb6866d858c28a4c82d3d987df55e0c7d15

Download Submit
C:\Users\Admin\Downloads\virusmakersource.zip

Filesize
1.5MB

MD5
5f80837463c08177865a2165b0ddcb3d

SHA1
9a831df118c228bee59b0af1567c6c5fd13cbbbe

SHA256
473f5432be4bf1e36f0b2f7f33324924318ec6fb424b701619d00b9c28c1477e

SHA512
c23dd81f3ab3790d350d2f0135f527fbf4e7b72b41474cfcb859f0187d2d9c8cd724c661b57c250feb8274db267443169208db65ed6c284f1a9aefde07dd022c

Download Submit
memory/5624-265-0x0000000000DD0000-0x00000000011D8000-memory.dmp

Filesize
4.0MB

Download
memory/5624-266-0x0000000005A90000-0x0000000005B2C000-memory.dmp

Filesize
624KB

Download
memory/5624-267-0x00000000060E0000-0x0000000006684000-memory.dmp

Filesize
5.6MB

Download
memory/5624-268-0x0000000005BD0000-0x0000000005C62000-memory.dmp

Filesize
584KB

Download
memory/5624-269-0x0000000005B30000-0x0000000005B3A000-memory.dmp

Filesize
40KB

Download
memory/5624-270-0x0000000005DB0000-0x0000000005E06000-memory.dmp

Filesize
344KB

Download