hxxp://sstm4[.]github[.]io

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22-08-2024 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sstm4.github.io

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\startpyg.py:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
1672	msedge.exe
1672	msedge.exe
2844	identity_helper.exe
2844	identity_helper.exe
3380	msedge.exe
3380	msedge.exe
4772	msedge.exe
4772	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3272	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe
1672	msedge.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
3272	OpenWith.exe
1640	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2044	1672	msedge.exe	81
PID 1672 wrote to memory of 2044	1672	msedge.exe	81
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 2252	1672	msedge.exe	82
PID 1672 wrote to memory of 3152	1672	msedge.exe	83
PID 1672 wrote to memory of 3152	1672	msedge.exe	83
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84
PID 1672 wrote to memory of 2776	1672	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://sstm4.github.io
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd5c5e3cb8,0x7ffd5c5e3cc8,0x7ffd5c5e3cd8
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,6563828346498888620,1866493859376262317,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
32KB

MD5
b582b2eca79a750948dbb3777aeaaadb

SHA1
bf0ea1c8a7b4a55779cbb3df1f1d75cc19910e9f

SHA256
04c7f19e1ae294cc641f6c497653b5c13c41b258559f5f05b790032ccca16c82

SHA512
35cfd88afe4e4e8091d3a5c53f0f3e2dcd92aa58b7544b94d4d9d7cdf508d429c5292aa97b813c9c8ad18e4d121d4e6595c49f5ddafbeab7b39f3a7c9d0b58dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
247KB

MD5
0a497d4661df7b82feee14332ce0bdaf

SHA1
f77d06b0c5dedef1f1db051a44a2b0d7f233ba3a

SHA256
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5

SHA512
e036a2057f2bb203a805234b71e43f222c4317eb940d5d2126b417fcc27d470259083a9b129d048c8428746c6cccfb53a7095e9c9ce74768e48035aa8f81ecf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
63c09e936eb18a79428cae6cb15a6d46

SHA1
897775a425fe5ce3444196288d54c2d506266792

SHA256
47cb2ed8f0efa5e6dcc0429858e11640efe07973c5da7d26d849f17813efee9a

SHA512
4fba846f665a80bdd0b8f3dfd9c43c50bf3e36cf9174cd442424e218e9a34073387ce41e5578766270fe569e953f1ba38e60c730e36c3f53a3362858c21ca7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
539B

MD5
57caf2db0d209dcc1edd6fe3323be3b4

SHA1
99a155b0d6541da311f929ed4a9c34aab48a753e

SHA256
8b5448aa449b6f2ab5ffac32f0177beb60617d6e5f53fcb99c864185527c9e91

SHA512
41f89f8e6b8f1dab3f1a174d39b721cd977c3a8c2a30985f172448a182d53002087dcfb4a94b5aacb26b76426ecb49d9b9b1062c8752809ebb6462d5f51f20a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7d1e8f03845a243e3bea552623e0960e

SHA1
d43a604474920de30495474b3125813059cf383b

SHA256
6c6f1eac6d0224a9c9ad49a60834dd198b60dc2f5297acf2421104c4033a77c5

SHA512
fcd02f06d44fa1fb5cec26ad40f95f512bd7458b54bd199e11f70b6510943c08fa97367050e97f3fcd9558bc0e7d2d4b477f6be34f8faff3bc98a4dc2299e5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9913197564cf6087d9a83859cdc5c86a

SHA1
16784caea8a845b59e3c1eb9aa68f39dcacddc9c

SHA256
6d2cab085b1752ccd4f0333421b514b58f9889a3b44a5e43348c846ba5e1a049

SHA512
42a27f17e8aafe44cc367288ef090021c52fed7083875b6b31d5fdc89f587b254325013ac8cf683231a8e5bcdc2f317638c1fb3999f47eafeeace044025dad0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b729144ac998915083677b3dd31bcf4

SHA1
be72a48b9a143fb4549bf47e27011d3d78b9ed67

SHA256
467672d77792b76edccaa6dd4efb6ace1c4bff184ab38a7eb073d0d3729964fa

SHA512
5d2d8584f225f73dc73438cdf2c0bdd7019946977f7c189492de5e812d2a471477052837e91b00b3eecaa62439aea3dc243c73145ac2f76fe7fd4ae8b29bddbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d795abb220d4483008786231b6460f2b

SHA1
b04393232374a52a31e1a8e51553a8033e09acb4

SHA256
42589013e7d8db293727d34860affd876863c94d50e3182cbfe1a61c9aa03156

SHA512
cb7efd2c64530b96fa65e8c4a4ddae13fa3ff15ea9f99dd5e05b9150acd80ed6e1bf89b548b94617b77cbed2042a28caab5cb8607b9aa4ad60cdf065d777744f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab71ad1072377848a7fc58516dbabb57

SHA1
4a7c32bc7d53bfd904c2d75df310e37734762ef7

SHA256
d67a518d77b613ca4f65bfac484301a2e49f92ee0fd79f7d68bbdb274d2ab483

SHA512
6a3a7a98fe120bcfe99781245ecf8d28fe53a3f918b0ed23c3f258dd31c5c3e95425993108c1e3dcdd605a4a2c038d48e7dc1ac1d2cc83d6394345b96dabcd2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35a20d9f6846bfbce0cf4f0ebd1c4352

SHA1
77ee8d0f6eff7c868d667c44a9e2b54c264031da

SHA256
2f89eef017e7f36d18e0f671015b4d8ba1836add190a31a5316e36da6c3b85a9

SHA512
de0bd8d3ebacefc4cb35291c2daab4215d3738ea11fc543e80e491ba134cb1d598e453db37402e6cb2b69b7fac4441e19aeb185f52272cbfd4dc21b28560ebc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e5bd8e4020a89e734a3592dc5c13f01

SHA1
8b358d78aeb2d2343b34c07ca99c31006d3dd30a

SHA256
3dfa0e2256fa49505569958b7880d52bbdac7a0e7f92398cdc1290e3c6d43c59

SHA512
f17fb3df77530c86b4978bf5ea7db15d39c869bd94522b5a93f7cb752dfcc1268b61ec244eca75850026d3dbaf2d05c5bc6dc64952852308859daccc55c22498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
946f31535b1732703f1a9fbec0328905

SHA1
6a6887510bec88955bf46b850971adf8681b6b0e

SHA256
dff9d67a239b88e2a0011971bca36ab2a3c6bc9cd2d4aa2c126ecb311feaaebf

SHA512
7a2ab757cd2cee9ad3e3b72ab5d400075366fa9f995d7d5fd08c49971405c0678237505496a205f431b78a26fb16e6298907ef058137448ba3606a4c30ceaed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
49e798c0bf857a6fe5f7c9faf71133f0

SHA1
e02a170ed618243e50b2ccf79b87193a5eb59cd0

SHA256
5304258d3014b4a548bb6c0e66d8683f7e46bb7e30247c17efd7b7293cb98d08

SHA512
4db9dd4018154a1232a5fbd3f4b4b435b5b2e2183b86aaa68edbfcbefb06b875dfa8af5dfb78eb1c601ed2099aa79d5e6e0668f63a6bfc184bd4ead829dce533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99c12b76016d44e7e2e633fc6d9ef58c

SHA1
54bc09e35bcc7e75eba1083594e28911e87b2248

SHA256
b49a2e09a854457e3a4e55d8cd77998734e0daf0eb4ea471a8f6ea911ce0e27f

SHA512
999ec0c53096d51b100f9c83c061f1b638506ca3abc496fcc711336a795b81581d16f67f1b803e41d25d7ccbaa28427b6a070a28c59ebcced84bd31d1ee575e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a91fd36de17e33517b89d9c7795c852

SHA1
15816b46f559fa5b77fdee04c6bcc3e0e1a8c4be

SHA256
507e7b8af4ef5c3d5fe33fe1ebbff2b721c782ca82fe9f2a1a2e871e4c5a0baf

SHA512
ce1a35dfc5e6f4a1f31375445a6504e905c51542c324a6834b649f2d3bcd1e5c7365a89229f75e652fc8715c2460519c4737e464006337ecf30cd4e6ffc1bd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
191d5a1de10436d03e0d9fe100cc696c

SHA1
b1f25ebf95ed523c4e822a593d3c3de122fc4037

SHA256
c0cb490e8c304c358da35e47731add51ea88ed774ceeb85a805c88c53b334ca3

SHA512
cd7ec88b5fd61e94d3ed2fb173c3004e39faeb153b7976b04947941d1707f15b98c9e3b505072edcc91defc3aea01b323e6b2a3c70cd5c1052088c8e5283c024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
f68532187d4b0a2791c8d4deda199504

SHA1
ee0ddad47649cb06134a30177eb6fc931bb38f2c

SHA256
e633795ea70f7e9b1a2f0fa37208e9c78bdd28c13823819b42f653ac3d144e58

SHA512
b18329daed3ce1b3192726cb678b0416d45005f201532a892bd8d2fd7dee42b68e01189b8acb3151702bdecf14112f47f914165573e432d5aaa591cf8c4f8f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f760.TMP

Filesize
202B

MD5
df697dc41dc08fca47a528e1fd4b6f10

SHA1
6a6299abe5ce88ceed873ec10f14eca2dd8d68d1

SHA256
a490717039360c54aaa30816719f7fbb5544adf920c42f8b89a2daa031a56a1c

SHA512
9d9eaf353b435c3d1c27a1dcf87465726ec495af451560363c39b20ae796865a47b34262c7954abfd6c2518bb69ed39f38597119d22cc5bc563c811098d5c51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3805fcb84354fc993bddfef266316fbc

SHA1
2cea72702dfd990e94b3283a9fcaa3f24c3edbb6

SHA256
30662b029202a129219cd121ca7f07aac86c1e8f57c26f40ae9fb0fc500a562a

SHA512
bd4f25e385cedd50636e01c9c4fee4db1af899d9154f7b833dc16ba7adf016e55d9091d94927d9730500d0a453fe5e9b53e972296eb3e8a3a34659313747df79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1efcac915d7cc3c15b37afc6175e4256

SHA1
f56b191046e05a05a04333a2caea85e9c01582ae

SHA256
210b6844470e141af599d8ec3317a4dba77293827c761dfd4d37c621b9ace946

SHA512
7f0aac5696e17fe9211127d7e5d80e9c689d2fd780f5d664023e717d01c0e2756dad3e85dcb15ceb423e81f8c68f14f8679a53f82708ba3c5e43b61db7c28e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e0ff2511e26edbbb31bbb94ba22bc5a4

SHA1
42bd2dc6e2ab4e22b3aaecdb87cc27474f691c9f

SHA256
dd4dd4d2d750d729185514f551a82b93795ae99d35cd42b1798faa9434fdf480

SHA512
036b8b9dd2ad76729c4f83c9ab8726bff8a1b29fafc5cf2643b37818a183a2d946b66d82cb77b0cb5d3614ba596b5587dfb8778f956ac5099a4ee7f8c5210136

Download Submit
C:\Users\Admin\Downloads\startpyg.py

Filesize
1KB

MD5
8b7bc5f1065cb22d32658c7092495323

SHA1
be022d012d2dc2eabdc0f10efdde75e33b75596e

SHA256
cf89cac9704502c1b9ed54ec54aaa86594109b89faf083bcaf74457eea5aff73

SHA512
de752efc6ef8626a5bc363378c187f73319cd8e57e48fc70b214684c376cf19eef2486a4f722aa8fee7ddaf6b97788a152055cd4730d2c9baa9bec91bd2982c0

Download Submit
C:\Users\Admin\Downloads\startpyg.py:Zone.Identifier

Filesize
131B

MD5
bc84ff19f7d175c391a0c4fcd509c9f9

SHA1
f89d055a3736b7c16f98d716b0cd4e1cb8d91aa5

SHA256
cd7a3893d90e8e0dd569e29cd73608014c8968e0db1d637d284724d571945b8d

SHA512
f407e4b4658e159a8a4a7ded49f4167006edf20836ebb26315b1a3e57614aaca7f53677070a124212f36dd85fc3be05fec7f002334da062ab3db58a9b736d7df

Download Submit