Resubmissions
23/10/2024, 22:53
241023-2tykrstbnc 320/10/2024, 16:34
241020-t24gzszfrk 320/10/2024, 00:10
241020-agdlaazamq 1020/10/2024, 00:07
241020-aeqstsxckf 320/10/2024, 00:05
241020-ac6q9sygpq 320/10/2024, 00:00
241020-aarvbsxana 8Analysis
-
max time kernel
152s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20/10/2024, 00:07
General
-
Target
https://steamunlocked.net/
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 52 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamunlocked.net/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f7dc46f8,0x7ff9f7dc4708,0x7ff9f7dc47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6464 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6672 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6348 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5412 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17976716585102308414,16042411531210481418,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.4.0.Clean.zip\MEMZ 4.0 Clean\MEMZ-Clean.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.4.0.Clean.zip\MEMZ 4.0 Clean\MEMZ-Clean.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b452⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9f7dc46f8,0x7ff9f7dc4708,0x7ff9f7dc47183⤵
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\calc.exe"C:\Windows\System32\calc.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x49c 0x3e81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\inetcpl.cpl2⤵
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD556a4f78e21616a6e19da57228569489b
SHA121bfabbfc294d5f2aa1da825c5590d760483bc76
SHA256d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb
SHA512c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b
-
Filesize
152B
MD5e443ee4336fcf13c698b8ab5f3c173d0
SHA19bf70b16f03820cbe3158e1f1396b07b8ac9d75a
SHA25679e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b
SHA512cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
67KB
MD5929b1f88aa0b766609e4ca5b9770dc24
SHA1c1f16f77e4f4aecc80dadd25ea15ed10936cc901
SHA256965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074
SHA512fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07
-
Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
4KB
MD5b4430883330bd572d2f0d372f59c0956
SHA1907d9cd66827f44f66f0ddf439bdaa74ccf31193
SHA256a485fa43fe14ed3d89ac417bd77108059463989a1f816781594499f983382bb2
SHA512bee10e2d611bb1f0dcab6194d98a1a80100c1a9c367473b5ae8ecd2b7ef3ed38ffc15c63d6378e4c116b9abaef60c97577a79b26d2f63766fd241d497cf7a4d3
-
Filesize
168B
MD548abecd89af95d7d0056d83ba7c8cf6c
SHA1f42646df7072946408b4f8ef662957612160c44e
SHA256a23f6859a9ac97df35f85a9ae2a58efc6605c4356a7e22651d62b9ee79061613
SHA51207902039f624203d773573c88a6c2b39882ad595b70ff56ef3da76dcbc33fcc84f1d19617452c71ac1ce6ac4391224a0e49c7a5b92a59766262df7316f7a6c7f
-
Filesize
3KB
MD5cfe928ccf04df2036b4e86fc6d258291
SHA1996f7a2a30ede06c7083fa53f588b1e8e5ee7578
SHA256bac05f6cea0bf9e45ecfa677e5bb12883ae35e75332c5721ee20df067488a9ba
SHA51284a2afe49e9acdbccdac6f47f68df44f4ceaad2fca30f8dca5618af5ecef9bf60b96ec8ea48176a9d189f1aefb38c1983edd12afa64ebe12b8618af0cfebbdee
-
Filesize
3KB
MD5a0cb1734340cc46b883f12b701e4907a
SHA1c8759f97c9c681b698f1f7f9499841803ccf6d1e
SHA256265f9605e0886ff81cf921438a724aaad5805fc3519ef0b6093248c991af34b9
SHA512de6a58dea81f32d2dbffbac4e8bed17b7ae41c86f8c6bd2c83dcb0ae98abef7fdd2e2ab189741d3d1811bb228ddd0aeb3990b3f3d8706ba6beb2767dc706c3a9
-
Filesize
1KB
MD52d70351dd24052c7ecc49b41c94c3ea1
SHA1ed6fc3196cf3917c70caf2c5e6eae16b0faf9521
SHA25612cbf2c3b753f740f4da7d7669a4b70c8962fdb8e15a8f2935f5487d04f099c5
SHA5126dde71f08d597ec3424a241b719c4c68b500f55426a36a23d1f0eaf455f503fc979de98541cbbd62c8a9775d36ae743db83be0cd38d1eb27a506bf7f19b950a9
-
Filesize
3KB
MD5034f7337a3a818984325d9256070d190
SHA1cfdeba56aa23c3063d031e56e25ec90974b0101d
SHA256e84e11c6899b16e12c803c4e503e1ba12a6df73f69c7c25aefe5e7f2f5389843
SHA512f87f6e15fcd5503f8880799f204f2f79a194502ed5679a3d459b242da6dd3b12fcb6c2e26397b7b4c86ae03727a9b0c4513be67b65043de46e9488b11e671762
-
Filesize
5KB
MD52bf8fce7fee7083e477db17c3f15b12e
SHA115e3a266b29e926491b4169e6077be8343de9dd4
SHA2562e4fe71a887b32e54cf103197fa335b43d80b567be87f3ccc1e992d304c235a7
SHA5128885af7ce59114d6f0e6b59634d969ba004f4bea02ce7110b5cf065ccf9532d6d9414fd84d0873285972bbe30779d54fc58194f885e0d67afb6f868f91a1547e
-
Filesize
8KB
MD53a20c6638dde53fb76d8f8d011210229
SHA1020a527264f0826eca06f3a324969bdd1ed0e663
SHA256aa9ef8f8269a89da50a256726acefb3cc9958de7271a002c85225522117340bb
SHA51298d399d9901ee5a53356bf4abe3474843cdd93e8c6aa1d789396a614c284adf91a76c606ae4d356c6d2236c66a6bc6c33fbe8b15a266579e7433a9bcf1326774
-
Filesize
6KB
MD5cc7b77b99e76febacc988e50c9becae7
SHA170e7bb040f480e69fc360fc2da5ff10e13e1797f
SHA2568504428e9950b1ca39b18f14169d524408b56467b961cd8e54eb07a098c00337
SHA512baa75a23b8f326e1f28d6324d43f3e7d0fe8351a3634772547aec048dbd8226604b914244fba70a845c74db4e0927c706c38d33b548748f4201a4a3424b4050d
-
Filesize
7KB
MD591724d1b6645b8a531070aeb7e4a020e
SHA1f60d6d9d7b6a7d0d78e58c0db1b47e59fd26df35
SHA256738c02069502019a0daad1cec1fadc32d668e7d933de496e5cd27e609a26242f
SHA5122d9fc5ddaab3516a3bf04e7f40c955b8168fee1d039880009c5b08a4d69c3793d6be02300f5258a836de8927b4e2e54e8738702390b31761c7e62af4409861a3
-
Filesize
8KB
MD5310218ac3bc7a9b767402416ba93cd7b
SHA158c474f8c7942517bf9cfb8003116959144d2fdd
SHA256d0dc152a8be04ce852b7af7285bc0ff3d1a8b682b6b32a59ca91069daf52a741
SHA51211790b26525793933ab4a4ddafda383b265ad408eb1343c53877315d8a292e54145c3bce1a718c5041758660bbe7c038e14052cd1a288dca778f2f7fe88677b1
-
Filesize
7KB
MD51b7254137e80da6dedf601d41bb86b81
SHA1fc8d745e934c68a69f455589cc6f6d7f5988034a
SHA256b4936f1cd94b2c41530ba425c056c50ba9383198fe3087d84750739805d00adc
SHA512045a3839a079492bb5ba69d84e276b1c25556c4be19d7d8ed0af4a508a640d7b00d91a87f836bce55fc6569bdcfce479ae83640b8a43745baf3bbee095b2bfc7
-
Filesize
1KB
MD5d3e3d00803a2bb568bba91c17d3499bd
SHA1aabb9a89ca2e1d5c6690e4de146a8d4230baef98
SHA256aa2821e9cdd8cfdf5f85f0bb588301726702b7afdc0631c2d7dba9f6834ef1f0
SHA512868430178c9fe5f01ec95a29bea00f50050a891a81e81c194654c451816fe671e67f1f857574d576d1ba7d914d13d1ceb0b21956cbd43c02fa47b7196bee96b5
-
Filesize
2KB
MD5983268e9d9e38b220ad6d560d7fb9f83
SHA12a4ab5c85bdbef6049c5cd801f92f5a868f06776
SHA2569b0c25b9416f1b2d802f5ed64004c4aeaaa96d69da079d0f71fc8c27b1b86abe
SHA512e0eded4d0b20096b05053436e18389b06f3a8fb6afb79b10e959f1a696b5e16ab13a02ec29f10c65f452bc9aa3ee729c167184f7597f93b3e7b5bbc3ff1da1e9
-
Filesize
2KB
MD5c0a6fd73548fb9a221aa38a9ff87a9b5
SHA12fb2d69bf231a5fd18a763801576b781736b456f
SHA2567608df7bcd022ebee3d4954159873f72be765c714cc0139863a7f2526a541fa5
SHA5126f9f10f63e43dad7fcb97f896434594236c9c3f01fc04583e5bd7051103a6105f713b826c9417b9d5023493ae1841294fdbfd4255982429fc27cbf3127366f3c
-
Filesize
1KB
MD563337cbb477ef3f7bcd2e48e48259622
SHA1d93aefc04f13189cb830f18ab47275f60436708e
SHA25642208807db70bec44d8e5abc9bd6b05fb4d82c1b83d874ad53abb401cf650c33
SHA512fa2f6a02b790d300fc2fa05874d2b28ad32c162ab0ba72eefa64ead104c00c7cb0c2227cab0823412d043d9aea172a3a8cc10c3ecd79bf1e683a3693c0f071c0
-
Filesize
1KB
MD5fc001cd91ecdc60d7a7247c716a6cd7c
SHA18ad7ab9c5ed29706c9619765df26f0072221caf0
SHA2566e5be1e7b882f5656206720990d865dc57258bedc13d45dfbe125729688e8ef7
SHA5125d3490ba51ec0d3bcd3a94ef4b6542f436767121622403dc446d99019385dc6197aee16e986c8ddc96c089f0bbd524e6286b6e700a0fc24d1e39d11b5990aeb3
-
Filesize
2KB
MD5eea2c078365feb14fe6d4a298c0e15ef
SHA152cf3e53aba0a7ca9d94fdb8af1146e7250de305
SHA25615129a1bc968f72487b72d6e2f195e4d97c8eff60ab0bf5222ce1ecf3c73aaa5
SHA5129595a1a12256a518dc25136cb64a3e6956fcd5ebf891c7c831ee2a4c29dddc331603cd3d10feec0bd71ef216b60b0658da08a4cfdba9efd05ddb63a1bc71cf68
-
Filesize
2KB
MD54471918c832e04d50b97694b7200046b
SHA1bd27beace60434084c25dfeaf8bc2887519838a5
SHA256414e897ca74a9ce6a64375f3b3d7c7f589778b9cd7fddbdf5b0fea5b7734ef3f
SHA512ddf97dad91d621218a6f01038681b1e71ee60a66307840ded46b501faa921a4cad118f62a5954b63ff207569a48e6f6dacbbfb5d41cce8c15444df3bc8cbdb6d
-
Filesize
367B
MD5974baed01232ec583f70bede03a8a1f0
SHA15790074eca11a0cb1841283e17234912a86928a8
SHA256f984e3ccfc200e0aab9777296bcdbf200b78ea7ce4fbd52f427e77123f6af2aa
SHA512eab9e2a46b8f409c3d0d5b3572f99ec95d811db8e4e2ecabf22260fa24335dd290f2420ee15e92e609367d80fa909f1f709ddade0727cbd200754ea814f22e43
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD52bd31787c1e5fb1d76deeb95194501ad
SHA16da456f14a24f0c38f4eac1b5385b4ddc01e16d4
SHA2566bfae6af110845d8ed10aad1df5b545f5a321bd82d3f01ed996ba3a3f726ed1a
SHA51281243c6db4e1e3c96a6eb2d576f4d081f0a7066cae2ea3110c47284ee87bc436e009886648b9c46a4ab238f31f016d2d73c303853dc408450f537a653899028e
-
Filesize
12KB
MD50917902ca1fbd80a05feef0c616ec1f7
SHA173485a3b451e15016172ba2b6427d422e01ae48b
SHA256093473744177ecd6b7baf10b0b8e10122271521657c551c73ba2fdf0d3c2d418
SHA5125a73a80496d615066690da4a5855bad454c5311dff1bdb82a7d8620c7e4eafea477b5d0415776343aba8328f47b9d928b95c54e4c3cdb81dea3206c5aa44a1ea
-
Filesize
12KB
MD571b56100d7b61859e4538247a2ab2c4f
SHA10b28c78ad990025cd970d1a856fbc2d02ced1a27
SHA256d5b22eca6313efe77b78072593dc80f474833de39a7479c11a3528db72c6b844
SHA512870bd763591864e0cf0acbf4bd88ceb6439620a86f60737ea1ad99021f18c347b339b1d54e99e70d01eb4e1184c48e2711b387a3c5cc7ce6cbd4eaaad72430cd
-
Filesize
12KB
MD57104e5c8ed9b4cc9aa4032f0098fbecd
SHA1ffeda6d50b3e37aa609682defe013ec36b3e4ac9
SHA25637c5e44d0106c05cacb8f374249b9321bbbc1a76b849e2b6a20e63b2ab674d98
SHA512532383b0663bce681a01df81f1fc6bd5c6fbaffe2d13cc9f5eda5b8c52912ea8e9905e359289338d9d5fc02f5fb39e5e561fd24b440c924ee5732c95773dd4a4
-
Filesize
12KB
MD596ad8a76b0d85864af26a462321bc4b9
SHA18036ff71a129fa9f92883d725fe102e254d58d5c
SHA256160e405ca64006fc84677247f8d67c0924a70cdbb4c4138ae10b0842220cf194
SHA512db1ce5cff818ae0368e94dbe4ba1142e98473a084fc2183ca0b7fdb6aa25a3d483dcaf3373e5cf41cc6d46e1d5cf838c5a04ce0a89be4ab38380cb6edde909b7