Analysis
-
max time kernel
14s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
13-08-2024 06:50
Behavioral task
behavioral1
Sample
Remove-EdgeOnly.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
Remove-EdgeOnly.exe
Resource
win10v2004-20240802-en
General
-
Target
Remove-EdgeOnly.exe
-
Size
7.7MB
-
MD5
cd1abd6d55b99d7ca21bee6f4fdb2bc9
-
SHA1
6f35466a981c223da67b0ba46f8bdd11057cc95c
-
SHA256
33ba55d82eaab33a54fc34f1b8ce650a8f264a10295ed09d35548a5106780480
-
SHA512
1b1bdf310434fc561bc6d2d676c25d2c2bb681a7132b8177f1f79f38151ff9f988e9943cf0158e28653544fcfd29cd8b4a8a896f766243a6d0c0b6469eac0276
-
SSDEEP
196608:Q/8Olb2w9+L0YFqQxA10++MvJHDO6D3U/7F1g:Qplq5L0HQK1HnEzFa
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
Remove-EdgeOnly.exepid process 2744 Remove-EdgeOnly.exe -
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
Remove-EdgeOnly.exeRemove-EdgeOnly.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Remove-EdgeOnly.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Remove-EdgeOnly.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
Remove-EdgeOnly.exedescription pid process target process PID 624 wrote to memory of 2744 624 Remove-EdgeOnly.exe Remove-EdgeOnly.exe PID 624 wrote to memory of 2744 624 Remove-EdgeOnly.exe Remove-EdgeOnly.exe PID 624 wrote to memory of 2744 624 Remove-EdgeOnly.exe Remove-EdgeOnly.exe PID 624 wrote to memory of 2744 624 Remove-EdgeOnly.exe Remove-EdgeOnly.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Remove-EdgeOnly.exe"C:\Users\Admin\AppData\Local\Temp\Remove-EdgeOnly.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:624 -
C:\Users\Admin\AppData\Local\Temp\Remove-EdgeOnly.exe"C:\Users\Admin\AppData\Local\Temp\Remove-EdgeOnly.exe"2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2744
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.7MB
MD59c83364db2337cedb50cefce5772bf28
SHA16a65ce4bec369e2e2f6aa19e52ac556ceb3445fc
SHA25689b71fca8d164d6e7a98967036212aa1fb28f5554e2a1b1042556c22c514ac16
SHA512e3608ced277fce1e64a0d371b928a5bfc0e00d93a3f020a56f698b1aa2f18a80fc726a9f7c25b8d8d98a2b95ca49a03a254b3c704c08772abaadee0b01f8aa48