Analysis
-
max time kernel
182s -
max time network
185s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
22/08/2024, 18:07
Errors
Reason
Machine shutdown
General
-
Target
https://mega.nz/file/fQVCRaTB#IKcnQNmWDMl1sDasseYQQAzX4aDbraVlWib5RR6_lns
Score
3/10
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 17 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/fQVCRaTB#IKcnQNmWDMl1sDasseYQQAzX4aDbraVlWib5RR6_lns1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4928,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=4040 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4932,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5428,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5440,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5940,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --field-trial-handle=6156,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6032,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:81⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4b4 0x2e81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5484,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6668,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6748,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=7064,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7272,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:81⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.89 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.86 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7ff88babd198,0x7ff88babd1a4,0x7ff88babd1b02⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2284,i,10763973417756101176,18300179199893486497,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1896,i,10763973417756101176,18300179199893486497,262144 --variations-seed-version --mojo-platform-channel-handle=2400 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2236,i,10763973417756101176,18300179199893486497,262144 --variations-seed-version --mojo-platform-channel-handle=1944 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4528,i,10763973417756101176,18300179199893486497,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4528,i,10763973417756101176,18300179199893486497,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=560,i,10763973417756101176,18300179199893486497,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=4460,i,10763973417756101176,18300179199893486497,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --field-trial-handle=4844,i,10763973417756101176,18300179199893486497,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3892855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
1KB
MD5837b9b60aa00636bad6c3ed1fb63b74d
SHA13698537344e1b3a7db4d78d77f17fe694346de7d
SHA25615099c3ff918cc2a4b236b313a0999ffbce0a0fda320156dc63c338b90dd83b6
SHA5127b4368cf1b9405a49c98005f632646b48dd8c169ae4e270ddc57de1c3d1b41abd8fbeac7e6c50a62beb2758c6777375f6002754307ac7c8bbc44bd8bf8a30653
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
11KB
MD52bcfd929b52cb7ac0016a77d348544d3
SHA1ca1161c89a010e64001b1b7c7bcbdca538fe146a
SHA256fd90b1261e4b0e9ef43a43da9f15ed7e670aa207285d64489e9c0d5c23ce2f1c
SHA5124745d892b6edb2650d026e5f1c284ef07d364745b41aef7b7ba7514e45a885e5949a30a4775b9b6b0c71146ce53dc54ac21dac25f2d65c133ef91335d2d843a7
-
Filesize
30KB
MD5577ca4289d53b3d5e62f180e48245f4a
SHA15aa1ffd453f84ac13b7b0d0b499be3f9f1faf3da
SHA256b92729d2b9489c69b04a75ce79038f092a543997551d9e8df3eb2b3ae33163ae
SHA512e6402b9d4e59fbcd70d5edf1cfd44359d6fd4428dbab2e3c0511988e9d2697ec7238a4d55083088d7a1b479b62d1b93a65f10c566d4a0ef6c0a30bdecea51b87
-
Filesize
66KB
MD5c9a339c97e5c53d41ac984227af3f964
SHA159c730c8e5511cb6958a4bda97d2d12f94a18c80
SHA25618e170a34ff95993490e3296201703c79b272658ad8e691efdc587f65d5acbcd
SHA5123e681f8e10be5df0f887982e9521b1c3dc1f2840857820707cf7c378e53418ad886495b40c5e93fd6903f3d56605f32af903ee98395a7a7cd4a44735e88f5a73
-
Filesize
62KB
MD53ec91003aec38923e71c8e202ad1db52
SHA19b8ebd98fdf4c32c51decf21b3ec8116571d207a
SHA2567c95012b858886696be8a5d7ef1d19acb0dd8eaf1ed1e00284a6b07dacd80eb2
SHA5120afceb4eaf9e5ba29a89e57c014dcecdd77428759004b394ce6255ba0c74eaa187028f4fe69c5fa6030452332a96c798ebbd93717da3c4a66c40bac107cec749