Overview
overview
7Static
static
1WinX/Group...op.lnk
windows7-x64
3WinX/Group...op.lnk
windows10-2004-x64
7WinX/Group...un.lnk
windows7-x64
3WinX/Group...un.lnk
windows10-2004-x64
7WinX/Group...ch.lnk
windows7-x64
3WinX/Group...ch.lnk
windows10-2004-x64
7WinX/Group...er.lnk
windows7-x64
3WinX/Group...er.lnk
windows10-2004-x64
7WinX/Group...el.lnk
windows7-x64
3WinX/Group...el.lnk
windows10-2004-x64
3WinX/Group...er.lnk
windows7-x64
3WinX/Group...er.lnk
windows10-2004-x64
7WinX/Group...ll.lnk
windows7-x64
3WinX/Group...ll.lnk
windows10-2004-x64
7WinX/Group...ll.lnk
windows7-x64
3WinX/Group...ll.lnk
windows10-2004-x64
7WinX/Group...nt.lnk
windows7-x64
5WinX/Group...nt.lnk
windows10-2004-x64
7WinX/Group...nt.lnk
windows7-x64
5WinX/Group...nt.lnk
windows10-2004-x64
7WinX/Group...us.lnk
windows7-x64
3WinX/Group...us.lnk
windows10-2004-x64
3WinX/Group...er.lnk
windows7-x64
5WinX/Group...er.lnk
windows10-2004-x64
7WinX/Group...ut.lnk
windows7-x64
3WinX/Group...ut.lnk
windows10-2004-x64
3WinX/Group...er.lnk
windows7-x64
5WinX/Group...er.lnk
windows10-2004-x64
7WinX/Group...ep.lnk
windows7-x64
3WinX/Group...ep.lnk
windows10-2004-x64
3WinX/Group...er.lnk
windows7-x64
3WinX/Group...er.lnk
windows10-2004-x64
7Analysis
-
max time kernel
92s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
29/08/2024, 17:45
Static task
static1
Behavioral task
behavioral1
Sample
WinX/Group1/1 - Desktop.lnk
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
WinX/Group1/1 - Desktop.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
WinX/Group2/1 - Run.lnk
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
WinX/Group2/1 - Run.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
WinX/Group2/2 - Search.lnk
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
WinX/Group2/2 - Search.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
WinX/Group2/3 - Windows Explorer.lnk
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral8
Sample
WinX/Group2/3 - Windows Explorer.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
WinX/Group2/4 - Control Panel.lnk
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral10
Sample
WinX/Group2/4 - Control Panel.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
WinX/Group2/5 - Task Manager.lnk
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
WinX/Group2/5 - Task Manager.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
WinX/Group3/01a - Windows PowerShell.lnk
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
WinX/Group3/01a - Windows PowerShell.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
WinX/Group3/02a - Windows PowerShell.lnk
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral16
Sample
WinX/Group3/02a - Windows PowerShell.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
WinX/Group3/03 - Computer Management.lnk
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
WinX/Group3/03 - Computer Management.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
WinX/Group3/04 - Disk Management.lnk
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral20
Sample
WinX/Group3/04 - Disk Management.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
WinX/Group3/04-1 - NetworkStatus.lnk
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral22
Sample
WinX/Group3/04-1 - NetworkStatus.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
WinX/Group3/05 - Device Manager.lnk
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
WinX/Group3/05 - Device Manager.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
WinX/Group3/06 - SystemAbout.lnk
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
WinX/Group3/06 - SystemAbout.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
WinX/Group3/07 - Event Viewer.lnk
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
WinX/Group3/07 - Event Viewer.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
WinX/Group3/08 - PowerAndSleep.lnk
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral30
Sample
WinX/Group3/08 - PowerAndSleep.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
WinX/Group3/09 - Mobility Center.lnk
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral32
Sample
WinX/Group3/09 - Mobility Center.lnk
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
WinX/Group2/4 - Control Panel.lnk
-
Size
1KB
-
MD5
eb34fbc2cea6bdd695becc79bb33d6f0
-
SHA1
483d7910d5318a60d7cd4d8d40cc4931d8bb28cc
-
SHA256
7410d3bfdb7074fc067e2c46a9eeee283460cc988de050b3c51c355b862f1cb8
-
SHA512
f3f8b8a526c35ac9fda7c2cca4d79bbcbcbab22dd041bed413cabd6465bd62c3c1adc1d95cc700f3b133f3379542804448008414bee273bd952ebf69c1808fc6
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings cmd.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4312 msedge.exe 4312 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2204 wrote to memory of 3592 2204 msedge.exe 92 PID 2204 wrote to memory of 3592 2204 msedge.exe 92 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 2888 2204 msedge.exe 93 PID 2204 wrote to memory of 4312 2204 msedge.exe 94 PID 2204 wrote to memory of 4312 2204 msedge.exe 94 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95 PID 2204 wrote to memory of 5020 2204 msedge.exe 95
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\WinX\Group2\4 - Control Panel.lnk"1⤵
- Modifies registry class
PID:4880
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault4f08caa7h77c9h4a68h81c6h3a3fb7649dab1⤵
- Suspicious use of WriteProcessMemory
PID:2204 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff8dfa746f8,0x7ff8dfa74708,0x7ff8dfa747182⤵PID:3592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,16872285245304573463,17760127903381295654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:22⤵PID:2888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,16872285245304573463,17760127903381295654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,16872285245304573463,17760127903381295654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:82⤵PID:5020
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:972
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4264
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD538f59a47b777f2fc52088e96ffb2baaf
SHA1267224482588b41a96d813f6d9e9d924867062db
SHA25613569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b
SHA5124657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b
-
Filesize
5KB
MD563603e430261744a17ab2fa3b8b2b94b
SHA17ffba273c07cdeeba95a499f5bccd50dc3ab8dd0
SHA256e847c9b2d6149ddbaed08dfd7f5918693110587233e1bae5a07ced2af1d78554
SHA512ebf36286b866870d1f6a82fd08a28b107f3a6a47467c15e70c8d50996f71fed2dc9cfe560d8928e9d1120462d378e50969fecce890ddab427ae6a9bf3b8ab042
-
Filesize
8KB
MD5edca00864bb5696fdf1ff372975ff0f4
SHA1fd2b948eab1c61c7a78a04e53191602c73b94d21
SHA2567becd59fa287a6f1811fb6635a18e9c95b7d5c604aec22f768f58c9952c3201e
SHA512ff14b83430f9b9f45a49a8774e5bcd46d4fdcc768b59b60670f7e2bc9a4a8d93fce926a01e66585414b6d790e3975832ad084315c05c238fee2c2625d608859b