Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-10-2024 18:03

General

  • Target

    29d877367db8db212c287c1d00ae96b837c492a7053d945a16db52ab100eb514.exe

  • Size

    916KB

  • MD5

    507d8b23a93c2f5832c2585f1a6b602d

  • SHA1

    657ccb76cf81e45114364e8ee287dce0257bc835

  • SHA256

    29d877367db8db212c287c1d00ae96b837c492a7053d945a16db52ab100eb514

  • SHA512

    f7a3aa549267e6d84d0664ad152bf46ec87c606bc74e29750f2a5725a8fa0aef23f87362eee11cf9c6c7855d30c3592baa77f38975d47ab351d04ff64c6528ac

  • SSDEEP

    24576:pAT8QE+kEVNpJc7Ycw4Th7k16ThM5dJ5Om46EYjdnx+Z3:pAI+bNpJc7Yc7dXUxOm46Fnx+Z3

Malware Config

Extracted

Family

redline

Botnet

nam3

C2

103.89.90.61:34589

Attributes
  • auth_value

    64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

5076357887

C2

195.54.170.157:16525

Attributes
  • auth_value

    0dfaff60271d374d0c206d19883e06f3

Extracted

Family

raccoon

Botnet

afb5c633c4650f69312baef49db9dfa4

C2

http://193.56.146.177

Attributes
  • user_agent

    mozzzzzzzzzzz

xor.plain

Extracted

Family

raccoon

Botnet

76426c3f362f5a47a469f0e9d8bc3eef

C2

http://45.95.11.158/

Attributes
  • user_agent

    mozzzzzzzzzzz

xor.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 5 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Program Files directory 7 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29d877367db8db212c287c1d00ae96b837c492a7053d945a16db52ab100eb514.exe
    "C:\Users\Admin\AppData\Local\Temp\29d877367db8db212c287c1d00ae96b837c492a7053d945a16db52ab100eb514.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RyjC4
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3228
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
        3⤵
          PID:5040
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4991777666246527198,17498788769650899390,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
          3⤵
            PID:392
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4991777666246527198,17498788769650899390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2960
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1A4aK4
          2⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:1940
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
            3⤵
              PID:4136
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
              3⤵
                PID:632
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
                3⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:4300
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
                3⤵
                  PID:1820
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
                  3⤵
                    PID:5116
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
                    3⤵
                      PID:4336
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
                      3⤵
                        PID:5800
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
                        3⤵
                          PID:6080
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
                          3⤵
                            PID:5124
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
                            3⤵
                              PID:5792
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
                              3⤵
                                PID:6868
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
                                3⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:7064
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
                                3⤵
                                  PID:7080
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
                                  3⤵
                                    PID:7092
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
                                    3⤵
                                      PID:6448
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
                                      3⤵
                                        PID:6472
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4312323943907511057,1278689096940588068,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5452 /prefetch:2
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:6120
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RLtX4
                                      2⤵
                                      • Suspicious use of WriteProcessMemory
                                      PID:2436
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
                                        3⤵
                                          PID:4440
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2601971691288791311,327622634009139715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
                                          3⤵
                                            PID:5012
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2601971691288791311,327622634009139715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
                                            3⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:1692
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RCgX4
                                          2⤵
                                          • Suspicious use of WriteProcessMemory
                                          PID:1000
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
                                            3⤵
                                              PID:4512
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,11244957517908916604,7036527736001710738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 /prefetch:3
                                              3⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:5688
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1nN6Z4
                                            2⤵
                                            • Suspicious use of WriteProcessMemory
                                            PID:2736
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0xe0,0x7ffe262f46f8,0x7ffe262f4708,0x7ffe262f4718
                                              3⤵
                                                PID:3260
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,14598246189827700633,3935663479549552233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
                                                3⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:6056
                                            • C:\Program Files (x86)\Company\NewProduct\F0geI.exe
                                              "C:\Program Files (x86)\Company\NewProduct\F0geI.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:2208
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 1048
                                                3⤵
                                                • Program crash
                                                PID:4152
                                            • C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe
                                              "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:2944
                                            • C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe
                                              "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:4092
                                            • C:\Program Files (x86)\Company\NewProduct\real.exe
                                              "C:\Program Files (x86)\Company\NewProduct\real.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:3700
                                            • C:\Program Files (x86)\Company\NewProduct\safert44.exe
                                              "C:\Program Files (x86)\Company\NewProduct\safert44.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:4076
                                            • C:\Program Files (x86)\Company\NewProduct\jshainx.exe
                                              "C:\Program Files (x86)\Company\NewProduct\jshainx.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:408
                                            • C:\Program Files (x86)\Company\NewProduct\me.exe
                                              "C:\Program Files (x86)\Company\NewProduct\me.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:428
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:5424
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:6000
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2208 -ip 2208
                                                1⤵
                                                  PID:4540

Network

MITRE ATT&CK Enterprise v15

                                                Downloads

                                                • C:\Program Files (x86)\Company\NewProduct\F0geI.exe

                                                  Filesize

                                                  339KB

                                                  MD5

                                                  501e0f6fa90340e3d7ff26f276cd582e

                                                  SHA1

                                                  1bce4a6153f71719e786f8f612fbfcd23d3e130a

                                                  SHA256

                                                  f07d918c6571f11abf9ab7268ac6e2ecbcd931c3d9d878895c777d15052aae2b

                                                  SHA512

                                                  dee3aabfca7912f15b628253222cfe8d8e13cd64f0438e8d705b68b0a14b4c9523b7a207583be7b424e444d6b05f237484a0c38bf2e075d347ef937d409a3a69

                                                • C:\Program Files (x86)\Company\NewProduct\jshainx.exe

                                                  Filesize

                                                  107KB

                                                  MD5

                                                  2647a5be31a41a39bf2497125018dbce

                                                  SHA1

                                                  a1ac856b9d6556f5bb3370f0342914eb7cbb8840

                                                  SHA256

                                                  84c7458316adf09943e459b4fb1aa79bd359ec1516e0ad947f44bdc6c0931665

                                                  SHA512

                                                  68f70140af2ad71a40b6c884627047cdcbc92b4c6f851131e61dc9db3658bde99c1a09cad88c7c922aa5873ab6829cf4100dc12b75f237b2465e22770657ae26

                                                • C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe

                                                  Filesize

                                                  669KB

                                                  MD5

                                                  b5942a0be0b72e121dadb762044f38cc

                                                  SHA1

                                                  885909607a9747c11eac6cc47b775ad947980c5e

                                                  SHA256

                                                  c565dd409f6d17997285f6fcecf851c56ddc3129c2a777529e8470290565ace1

                                                  SHA512

                                                  d2a916738fca01b6b5a27639fbefcc7406e79f8493d8f69015c60d07d0341ab8aa8e4e3ab50208161b7398bef62b9837e11524ffefc502b9f09efc011974e3e7

• C:\Program Files (x86)\Company\NewProduct\me.exe
  Filesize: 274KB
  MD5: 2eee4c301ce357df8f235957fcb774b3
  SHA1: f9fd1eac58b5f40475269a1e8eb1675227e2389c
  SHA256: 66cc79df9054fda09648b64a230427d4a574f8349de871e922fbd20432b431f1
  SHA512: 590589c3f8ee16f12539b943ba04402771372fe7748fb689c03b5681466ec8d3f3778007224e0a7fac1413f188aaee59a754cad2d0194af1130a8ad3191466fc

• C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe
  Filesize: 107KB
  MD5: bbd8ea73b7626e0ca5b91d355df39b7f
  SHA1: 66e298653beb7f652eb44922010910ced6242879
  SHA256: 1aa3fdc24e789b01a39944b85c99e4ac08864d2eae7530164cea2821acbf184e
  SHA512: 625cc9c108b4660030be1282493700e5f0ccfb973f466f61254ed1e1a96f5f042cdeaa94607825a2f694647468e2f525a6451542fe3aac785ebac1ccfe39864f

• C:\Program Files (x86)\Company\NewProduct\real.exe
  Filesize: 275KB
  MD5: a2414bb5522d3844b6c9a84537d7ce43
  SHA1: 56c91fc4fe09ce07320c03f186f3d5d293a6089d
  SHA256: 31f4715777f3be6a4a7b34baf25ebfc7af32dd9a2aae826fc73dca6c44fda173
  SHA512: 408ebb002b3bdb77dc243ced28d852801e68e5ff0dbfa450d3e91b89311fe6a3e8473e749619c285c1a5427d8a117350a3798435ed38b56d1a230f0ae270ec60

• C:\Program Files (x86)\Company\NewProduct\safert44.exe
  Filesize: 246KB
  MD5: 414ffd7094c0f50662ffa508ca43b7d0
  SHA1: 6ec67bd53da2ff3d5538a3afcc6797af1e5a53fb
  SHA256: d3fb9c24b34c113992c5c658f6a11f9620da2e49d12d1acabe871e1bea7846ee
  SHA512: c6527077b4822c062e32c39be06e285916b501a358991d120a469f5da1e13d282685ca7ca3fa938292d5beef073fbea42ff9ba96fa5c395f057f7c964608a399

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 37f660dd4b6ddf23bc37f5c823d1c33a
  SHA1: 1c35538aa307a3e09d15519df6ace99674ae428b
  SHA256: 4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8
  SHA512: 807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: d7cb450b1315c63b1d5d89d98ba22da5
  SHA1: 694005cd9e1a4c54e0b83d0598a8a0c089df1556
  SHA256: 38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031
  SHA512: df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 180B
  MD5: 4bc8a3540a546cfe044e0ed1a0a22a95
  SHA1: 5387f78f1816dee5393bfca1fffe49cede5f59c1
  SHA256: f90fcadf34fbec9cabd9bcfdea0a63a1938aef5ea4c1f7b313e77f5d3f5bbdca
  SHA512: e75437d833a3073132beed8280d30e4bb99b32e94d8671528aec53f39231c30476afb9067791e4eb9f1258611c167bfe98b09986d1877ca3ed96ea37b8bceecf

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 59410d4c2cdccc81f9229a8387cb60a1
  SHA1: ab447440ebf3688fc2b71b16cfe10939c3f609a2
  SHA256: 716cf5fcc1a3c2810c2ba205fee4cbf28d4903c8792e7787b837a2317b518f27
  SHA512: 8922137f46cc5fc34a074a164ca3f908bb155631f78f983d09f26828e42bebc526df7f2fa6c41959ae606e660e9b4bd2f1d9f41d930ecd3992658112eeb0f8a1

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: ba5792f06e82acf09e2b659686e98a4a
  SHA1: 5be538380a27873990f555783eb3088ae83fae37
  SHA256: 27d7eac10f697b62ff7c81f103f6798a1a6e8c5be050fd527b14418e580437ea
  SHA512: cc06725a8f8a1815f80b64225a428c6f9b8ca9f479917dac98c40423365042c356bf25884f5775a8816851c9d6950ec5d06554d5afe1647c745b486f79367b5b

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 72d8ec82ee38b89824b8a75fa13a1e5d
  SHA1: 45435c99b6defbbb0904909b2a33110d0b9dd075
  SHA256: ffe00654212bca5e17e52ff4b1b32a9a46c0b43898cce45ea7e7860b2f6a8a6b
  SHA512: e29efac8e78e50f1414606ee2538f3a013ff33a678b591e6e23e8178a59d8044ccbb42df49bd5060b8c8b1b95742a0b854d6554b7fceb32f82234df09c37ab25

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: d8dc7eee31765cd9486553cdbed3ad95
  SHA1: 8e24b13fd1567b6eee8c5e693f7234380cc4499f
  SHA256: 6b1230e6c4c6af06589f7a2a622d6083b45b686b56e5ec94df788d0e0d1acc22
  SHA512: b4d06be567483c5afd830e18db85dabf6c5c9a74721450a370f0d9f30b65bc3d10efced80f05e61076d6e93d5884fe29a10692840939e4ef1f0c529696bfcbf2

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: 349dfdb4fbc5d847eef33f266a7611d3
  SHA1: 69270fb42db93860bb43507dd87d9c719c890f66
  SHA256: bd1377a281c371f711cc3907930819a860acf390a8dd491a0e6d9ee8a6cd0095
  SHA512: c34191bc5bce8f98634317f2436c8b3ae3534483ca2ceeb43b42896f000e7383018f153374a6a0905d7307b7fef8342862e069df083d34a60a3e786c37b11486

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: b95e49d8456692d2887a1e8201a65f67
  SHA1: d8156129dd46b27b95b14e5ae21e422465670f0a
  SHA256: 999010a316a5da7e2b0f77ae9e2204430399177df884447f5652bd9c52f74f5a
  SHA512: ffb40d4c2e9d241c3ef40519fc2b037b206c40e9b42765574ec12b8a55a497298129fb180bf26ae6a8c01919249873dc2cf246ad2978244af3620fdf644af669

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: 65db7cc51214c82faa8b91ca04b79348
  SHA1: 5c8e8427d6c45ae118f2c912d91d92d729092440
  SHA256: 8efedcc8c179bbbef534fc576af858f2d1ee14b93672487bcc7b16f429882d61
  SHA512: 9b16c92859bc7d868952b71dd8076079bed7d388c48dcbc18b3af21b99453885ea8321b311d9059176c26fc9479d7d3088ec10003cff9c0444eeabf871f38906

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: ea04bd85296aa3f0666ad599ed2cbb5f
  SHA1: d3fdb4ec9e718fc9aaec99863bc546c9f28f2049
  SHA256: fabf5ea279de52db0378d8e8ea3f00cd00de97b19036414862da93096b5032f9
  SHA512: 1d78accaf69a59bc30a6beb0cf2a9adf485d43d1471dfa01b6c6bef4aadb6f9d6db9c4a59b4f7734086957814c217245daedf7d3e037345255df0545519327d7

• memory/408-151-0x0000000000910000-0x0000000000930000-memory.dmp
  Filesize: 128KB

• memory/2208-282-0x0000000000400000-0x000000000046E000-memory.dmp
  Filesize: 440KB

• memory/2812-128-0x0000000000400000-0x0000000000433000-memory.dmp
  Filesize: 204KB

• memory/2944-204-0x0000000000400000-0x00000000004AE000-memory.dmp
  Filesize: 696KB

• memory/2944-73-0x0000000000660000-0x0000000000661000-memory.dmp
  Filesize: 4KB

• memory/4092-148-0x0000000005650000-0x0000000005C68000-memory.dmp
  Filesize: 6.1MB

• memory/4092-150-0x00000000070D0000-0x00000000071DA000-memory.dmp
  Filesize: 1.0MB

• memory/4092-152-0x0000000007000000-0x000000000703C000-memory.dmp
  Filesize: 240KB

• memory/4092-153-0x0000000007040000-0x000000000708C000-memory.dmp
  Filesize: 304KB

• memory/4092-109-0x0000000000230000-0x0000000000250000-memory.dmp
  Filesize: 128KB

• memory/4092-149-0x0000000005610000-0x0000000005622000-memory.dmp
  Filesize: 72KB