Overview

overview

6

Static

static

5

Morenos FI...21.pdf

windows11-21h2-x64

6

Resubmissions

21-08-2024 10:47

240821-mvl6sstgng 5

18-08-2024 19:52

240818-ylg19s1dmb 5

18-08-2024 19:49

240818-yjp9vsthkp 6

18-08-2024 19:47

240818-yhk9hs1cle 6

18-08-2024 19:42

240818-yey17stfrj 10

18-08-2024 18:53

240818-xjsjjsydjd 10

Analysis

  • max time kernel
    136s
  • max time network
    134s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-08-2024 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Morenos FINAL 5-28-21.pdf

  • Size

    107KB

  • MD5

    449dcc66293d406d6d2123e215121e28

  • SHA1

    e89e93a086ba60df9023151af2d0feccac57529b

  • SHA256

    1290948df44efcfc44f75fc4717945c3c14ce87b66dc476bf0a2595e83e6fe39

  • SHA512

    26b7bb24f437e77168ec01efe58c5e6d229867c8e11d1aabd4c4a2a609afc29e92627ccf5c87b97a68f110cc28667777ad6d6ed483b7326d9c9a84af5785bb05

  • SSDEEP

    3072:x3B1PGaOeIPZwrQOXH93afJ9MVYtB/tVwR8WV:x3B1PtIA93yJJB/QrV

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of FindShellTrayWindow 42 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Morenos FINAL 5-28-21.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:3496
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3208
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=630DE16E5ADDD03F807357035850BF66 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1992
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=40C2D9DFEC6F3F9EF92B383477B44F76 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=40C2D9DFEC6F3F9EF92B383477B44F76 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3152
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D16A64C3ABCF33ADDF712AAF92843D77 --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3448
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E7842F8254630D5E70EEE1CA3E077B4D --mojo-platform-channel-handle=1964 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2492
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A1C22C895646699547465BF30E015B92 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A1C22C895646699547465BF30E015B92 --renderer-client-id=6 --mojo-platform-channel-handle=2552 --allow-no-sandbox-job /prefetch:1
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4280
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=04307D31811BDE4EAC70359B03E449EE --mojo-platform-channel-handle=2448 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:776
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4844
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffbd3f43cb8,0x7ffbd3f43cc8,0x7ffbd3f43cd8
      2⤵
        PID:4776
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
        2⤵
          PID:1568
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2180
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
          2⤵
            PID:4192
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:4668
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
              2⤵
                PID:3304
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
                2⤵
                  PID:4140
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
                  2⤵
                    PID:1268
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
                    2⤵
                      PID:2552
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
                      2⤵
                        PID:1780
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
                        2⤵
                          PID:1116
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                          2⤵
                            PID:4584
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5620 /prefetch:8
                            2⤵
                              PID:3024
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5680 /prefetch:8
                              2⤵
                              • Modifies registry class
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4396
                            • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:2152
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5100
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5600 /prefetch:8
                              2⤵
                                PID:4964
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
                                2⤵
                                  PID:2620
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
                                  2⤵
                                  • NTFS ADS
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3924
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
                                  2⤵
                                    PID:128
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
                                    2⤵
                                    • NTFS ADS
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4584
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1680 /prefetch:1
                                    2⤵
                                      PID:5564
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
                                      2⤵
                                        PID:5572
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
                                        2⤵
                                          PID:5804
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
                                          2⤵
                                            PID:5812
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1748,14079861858717594572,7624935364820507887,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2884 /prefetch:2
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:5304
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:4156
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:4380
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:4660
                                              • C:\Windows\System32\rundll32.exe
                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                1⤵
                                                  PID:5028
                                                • C:\Users\Admin\AppData\Local\Temp\Temp2_Monoxide (1).zip\Monoxide\Monoxide x64.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\Temp2_Monoxide (1).zip\Monoxide\Monoxide x64.exe"
                                                  1⤵
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:5528
                                                • C:\Users\Admin\AppData\Local\Temp\Temp3_Monoxide (1).zip\Monoxide\Monoxide x64.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\Temp3_Monoxide (1).zip\Monoxide\Monoxide x64.exe"
                                                  1⤵
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:5180
                                                • C:\Users\Admin\AppData\Local\Temp\Temp3_Monoxide (1).zip\Monoxide\Monoxide x86.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\Temp3_Monoxide (1).zip\Monoxide\Monoxide x86.exe"
                                                  1⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:3332

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                                  Filesize

                                                  36KB

                                                  MD5

                                                  b30d3becc8731792523d599d949e63f5

                                                  SHA1

                                                  19350257e42d7aee17fb3bf139a9d3adb330fad4

                                                  SHA256

                                                  b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                                                  SHA512

                                                  523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                                  Filesize

                                                  56KB

                                                  MD5

                                                  752a1f26b18748311b691c7d8fc20633

                                                  SHA1

                                                  c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                                                  SHA256

                                                  111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                                                  SHA512

                                                  a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                                                  Download Submit

                                                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                                  Filesize

                                                  64KB

                                                  MD5

                                                  9c6932421bfcbacb3c549f6cea4c858d

                                                  SHA1

                                                  4ae55070e05b5823a3fcf9165f1cd9c1e924294d

                                                  SHA256

                                                  edc1cdc7911fc8b918d1d4f7de1efd6f2082bb6c5384b23b5811152fa9dd1ab3

                                                  SHA512

                                                  222363df433561d1fe2cb33d59665588c76612d9fb0e563142c7ad3550dbda983d122cc2f74ef74e6455875d3d37a74568721c1ff3a4150eab7cb329e8e8a35f

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  4c3889d3f0d2246f800c495aec7c3f7c

                                                  SHA1

                                                  dd38e6bf74617bfcf9d6cceff2f746a094114220

                                                  SHA256

                                                  0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

                                                  SHA512

                                                  2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  c4a10f6df4922438ca68ada540730100

                                                  SHA1

                                                  4c7bfbe3e2358a28bf5b024c4be485fa6773629e

                                                  SHA256

                                                  f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

                                                  SHA512

                                                  b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\23d53e6c-81eb-46e8-b915-2c9b5e31ee1c.tmp
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  bd2cadbc2e960a3a7acfe561f1541e87

                                                  SHA1

                                                  000c22938ce5de5f61ee34984d6575626897f490

                                                  SHA256

                                                  01348b789c90ded292527145ed0788a54731a01e07c4b28137ecdc741bd91d4d

                                                  SHA512

                                                  6488efd761ef786933f280c98f7beb7bb11bf09db7919ac828b020f3f1c3c75a3a169bfa414c5a64e2799916854818e48eb56c62ce04883475de43a567070426

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  3KB

                                                  MD5

                                                  76e4eee7c8cd16596639c91a043036ad

                                                  SHA1

                                                  8dd2c8211fd78c10a95c2831d4464703620613ee

                                                  SHA256

                                                  ba92636c3548d382a92b0b9781a4566dd8e928a26902aee8a391e2771c2608cf

                                                  SHA512

                                                  ca7abae1ce6e52e6d8704b20ecbb04a9be81c49ec735a5e791495223d57d5fdbd9613e0a19106484b910dc363e2e9f7b382095cf07e114e9ab9301091bf9c489

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  879B

                                                  MD5

                                                  76ab871106ab85a29e196a0dc968ca1a

                                                  SHA1

                                                  e302cf9892efd74185aeda8502a94743b46aec15

                                                  SHA256

                                                  b7ffdf45976649a2598cdb926a885b9c2aa3a0a1d5b092eb4d319ff672317c8a

                                                  SHA512

                                                  d6027d7b8e247029541ccbb3cb0483db22b9d3e11a2b8500a2a9c66b337d32557a998708f62bf2f832f0db359d62f94c60053a4245ade716e61a27fcb99e9f27

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  decbb8797326c5dab11c02179d511011

                                                  SHA1

                                                  0ee032b84230d984228ab9e77e360369d72464fe

                                                  SHA256

                                                  1776ccd26e1f765a1949f36588a7d2e5c53fbedd2324162ba10a28117122524e

                                                  SHA512

                                                  5ab111a5f5d5834cfcd9d8292619abdc2668077ac88de46df987346101f4709b7e7d7c5da9307a45a9722b527fd383933d8ca955705ee02612953e208f1c55b2

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  fbed03ef8cc18a3be0579733d13ab146

                                                  SHA1

                                                  b89292ff8a0d31852de7b0763aac502f6561a7eb

                                                  SHA256

                                                  b87567ad58cfe6ed1807ff9f2c4b7e8013ae81d4905f4a310a2c449fc5182d0e

                                                  SHA512

                                                  c3624f9718d490a970d9defb4b6620b5c59a8d741a91ef2257da91f0f4eef8f6f7ead0858a5cb19089aecb73e4e4957d805367a467500d8b5a87609054c45a0b

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  3e97b6f75bebb0c786e4a8cc96d50710

                                                  SHA1

                                                  83448e739800b9cd0a824745da40da1afd3ae433

                                                  SHA256

                                                  ee18f81c327875d5ce47f2cf2ea77adf6a848a958880888852f30a4ee8dd69b0

                                                  SHA512

                                                  61c8bf2d39d44170bf8f13c873f7a821ba95664ea1ecdf0697bf606a94075d27b274e43bfb9ade56a289306ec2fbfdb93ac3ae22c12619077a38a3a4b1849c3e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581f1c.TMP
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  b5960af36da6c89b9adb23372559ae51

                                                  SHA1

                                                  be16f2f3af55f51f9bdfc5e02cfafdf08e905809

                                                  SHA256

                                                  8c8dbfeec6eb8546b97d584989da8a074a6a7f5a03b1295ad2f81214f1e81242

                                                  SHA512

                                                  2ea91fde0dd444d20859818c785c3ac1e029341234a0e45a4c4fd0545e1b58559947eeb707ebc876fc7f697d7a41e1f9dee543184e0b8bde2472b8e8f6853ed9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  46295cac801e5d4857d09837238a6394

                                                  SHA1

                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                  SHA256

                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                  SHA512

                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  206702161f94c5cd39fadd03f4014d98

                                                  SHA1

                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                  SHA256

                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                  SHA512

                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  10KB

                                                  MD5

                                                  a987bd8dc1fd1c28a7cceaebe8fbe5ad

                                                  SHA1

                                                  2119c4e0878ed7d65095d19a272438859e31f17c

                                                  SHA256

                                                  674f26c2e894f11052ce39368db0edf17ded05575c3cb6487d56264607f9e71a

                                                  SHA512

                                                  3343b85c6047a176df0a9ee312c7aa2f002cb45c5c6d79fa13a62146d7f2cdc3a7db325fceff3e59ff50b73e3ece81ecd2de05f7f493649db28a71fd16c82023

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  00a5962ff2e4bb6d0bff31988d588540

                                                  SHA1

                                                  7dc271ff4250b2159ab2bb41d74d85bcc393b082

                                                  SHA256

                                                  75c644799f7ee2817ea10a7f9f7d5d38e383ac0aa6a97cf66fb1f6238eca0699

                                                  SHA512

                                                  a1b9834e0e2ef8f826b811c17d56b68975a27a8e4f112f484172e0b8a8e418df5ee98b27bf9e3c24a3337dc828ab176d30b429bad3661ae509aeb1ac7a409960

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  ebb5a283d175daf37baf6e08cc73feb7

                                                  SHA1

                                                  79ed988d3eb1dc8fd0f4ba910591f7537b704f2a

                                                  SHA256

                                                  d690a5dfa7eba8677c3ae13826c3117a25e072c039767c995cb21157181080b8

                                                  SHA512

                                                  3ec14d6cd4216d7ffe824c04b5b8029a5809c08c5f68abe94fed6a82c2d99594b64556f3d4db9d85330e57c12d71105585d825498de80b7180dd4a57be8e5983

                                                  Download Submit

                                                • C:\Users\Admin\Downloads\Monoxide.zip
                                                  Filesize

                                                  200KB

                                                  MD5

                                                  e77bca3013a7cdd34871d734a294d60b

                                                  SHA1

                                                  697b1f62007b9b9fbe6f1e98aede0e5800a6a6f7

                                                  SHA256

                                                  0d1c5ead44e729aa9b25547bad1f128759d144b8ecdec25bb28d67d694a5b3e0

                                                  SHA512

                                                  d9ff6c0fdc7cc2378b3de99abce734b6248c8c91fe78cd6c68cd5e84c6400beb0c5192eb9aa28fd22f60744e8c26d29fa5b6dad79296a1c84f0d2275a30628e2

                                                  Download Submit

                                                • C:\Users\Admin\Downloads\Monoxide.zip:Zone.Identifier
                                                  Filesize

                                                  192B

                                                  MD5

                                                  fe43f4499151f4d262611349c7740231

                                                  SHA1

                                                  9a15d5c647e14a6d619c07646afca30489c5a1e7

                                                  SHA256

                                                  528d39b4e7cf61242cd03d064b8945f4eae7aa6300fa3d974477a7c9bde47d37

                                                  SHA512

                                                  9038cc554df231925b0d09f32e1ac12c544fab81e77c5bb332eb48e13d464f454f90bd7f1599ae9c217b40b379fd991f42aa2e4df00a1d359549c4f01c41c0f2

                                                  Download Submit