Analysis
max time kernel: 34s
max time network: 41s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted: 27-09-2024 12:54
Behavioral task: behavioral1
Sample: 7c33d752-c490-4c9b-9f2f-10d8e2801b93.exe
Resource: win7-20240903-en
General
Target: 7c33d752-c490-4c9b-9f2f-10d8e2801b93.exe
Size: 7.6MB
MD5: b05d72850cc34ba37550702cae8f5b8c
SHA1: fb9ad3fe48df87d7c1b8485dbe1395a372083940
SHA256: ce6527512f164f20f9989a9e097760e53117688a74856105dab3b15d7ec550a8
SHA512: ba68cd7c7e0c36295fd877e08c52da66f0c191532c2fcca16763d63803cfbc71d74f118c2cb4be1919bc4bcd76aaba9842c6c61729f889c70de00ecbbd932de6
SSDEEP: 196608:p6+wO/GzJJfj0NWBGLIrLF7LFjM75P9H2ZZRe6jOZwAZ8C:IwUXA83FljMNP9H+aZww
Malware Config
Signatures
- YARA rule match: themida (Themida is a commercial packer/protector)
  resource: behavioral2/memory/2664-0-0x0000000140000000-0x0000000141202000-memory.dmp (memory dump of the sample process, PID 2664)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 4240, Process msedge.exe
  pid 4240, Process msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  The report lists 64 rows, all repeats of the same four parent/child pairs (description; pid, Process, procid_target):
  PID 1928 wrote to memory of 3096; 1928, msedge.exe, 98
  PID 1928 wrote to memory of 2588; 1928, msedge.exe, 99
  PID 1928 wrote to memory of 4240; 1928, msedge.exe, 100
  PID 1928 wrote to memory of 3160; 1928, msedge.exe, 101
Processes
- PID 2664: "C:\Users\Admin\AppData\Local\Temp\7c33d752-c490-4c9b-9f2f-10d8e2801b93.exe"
- PID 1928 (Suspicious use of WriteProcessMemory): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultac43e096had13h408fh99d8hd8e47b647db5
  - PID 3096: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffad7be46f8,0x7ffad7be4708,0x7ffad7be4718
  - PID 2588: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14612994713597787462,5324414777160561291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  - PID 4240 (Suspicious behavior: EnumeratesProcesses): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14612994713597787462,5324414777160561291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  - PID 3160: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14612994713597787462,5324414777160561291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
- PID 3280: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 364: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
  SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
  SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
  SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25
- Filesize: 5KB
  MD5: fa8d6dad1a75706826f976e5ebab1b1c
  SHA1: 402c15219d69c18027e268eab25812ad685ad44a
  SHA256: 49d233a4ab60beb029d15109faa176647a13e6db5312abaac82aba7cfe4d52f1
  SHA512: 13e9c6b07b946cc1d10822f7a2db80731559b15bbd5eacc7bf3491c7b41013443dab3d9148478946022f8b59dc5e331e5cfa8a164dcb8af33e330dbc58f9834c
- Filesize: 8KB
  MD5: 037404068371cd45a5c040519272102c
  SHA1: d272fa8cb7a957ff2baa2f2434a385e74a3ab033
  SHA256: 3f874c03ff0525a3f67eea3d7c30691a8ee0afd996aef11840837200cf709b47
  SHA512: 2b8e50fe073ba5c59f28193d40a0bc88ab1b6e0a03f50f3a3a645e764613c56fcccb8667f903fe0d1b0eac7bf9a02618120bfee4bf5ae2169827a63d8c0c57f6