Overview

overview

10

Static

static

3

972b705300...de.exe

windows7-x64

10

972b705300...de.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-11-2024 08:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    972b7053006775f8a9144e8be644443c2750ac2737978c7d975d675c9e23d8de.exe

  • Size

    2.4MB

  • MD5

    4d9abf7905ad423200a067568f45a2e6

  • SHA1

    a19937f1b03ccd9575478369a5666c04080241dd

  • SHA256

    972b7053006775f8a9144e8be644443c2750ac2737978c7d975d675c9e23d8de

  • SHA512

    10db66702b4c8fd375957cda8b9657bf9a5bd184c9b9b232b6e2ade62d841dd9fcac91cb1d88819ef23b6b680f946a72951a6099d9718e72e1993059b5994ba7

  • SSDEEP

    49152:pAI+dQBXsC8nktLjj+ywO/5ZKHUnkYw3FwOc+8+ytLsyBpzp2zASOFVS:pAI+UXs96j+Ly3KHUnneFTcFNBpzcUSB

Score
10/10
raccoonredlinevidar4@tag12312341afb5c633c4650f69312baef49db9dfa4f0c8034c83808635df0d9d8726d1bfd6nam3discoveryinfostealerstealer

Malware Config

Extracted

Family

redline

Botnet

nam3

C2

103.89.90.61:18728

Attributes
  • auth_value

    64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

4

C2

31.41.244.134:11643

Attributes
  • auth_value

    a516b2d034ecd34338f12b50347fbd92

Extracted

Family

redline

Botnet

@tag12312341

C2

62.204.41.144:14096

Attributes
  • auth_value

    71466795417275fac01979e57016e277

Extracted

Family

raccoon

Botnet

f0c8034c83808635df0d9d8726d1bfd6

C2

http://45.95.11.158/

Attributes
  • user_agent

    mozzzzzzzzzzz

rc4.plain

Extracted

Family

raccoon

Botnet

afb5c633c4650f69312baef49db9dfa4

C2

http://77.73.132.84

Attributes
  • user_agent

    mozzzzzzzzzzz

rc4.plain

Signatures

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon
  • Raccoon Stealer V2 payload 2 IoCs
  • Raccoon family
    raccoon
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 6 IoCs
  • Redline family
    redline
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Vidar family
    vidar
  • Vidar Stealer 2 IoCs
    stealer
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Program Files directory 10 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\972b7053006775f8a9144e8be644443c2750ac2737978c7d975d675c9e23d8de.exe
    "C:\Users\Admin\AppData\Local\Temp\972b7053006775f8a9144e8be644443c2750ac2737978c7d975d675c9e23d8de.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1A3PL4
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8314946f8,0x7ff831494708,0x7ff831494718
        3⤵
          PID:3248
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
          3⤵
            PID:4928
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:316
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
            3⤵
              PID:2692
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              3⤵
                PID:1520
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                3⤵
                  PID:64
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
                  3⤵
                    PID:3912
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
                    3⤵
                      PID:5256
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
                      3⤵
                        PID:5568
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
                        3⤵
                          PID:5768
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
                          3⤵
                            PID:5972
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
                            3⤵
                              PID:6076
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                              3⤵
                                PID:1488
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
                                3⤵
                                  PID:4964
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6816 /prefetch:8
                                  3⤵
                                    PID:6452
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6816 /prefetch:8
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:6692
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
                                    3⤵
                                      PID:6700
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
                                      3⤵
                                        PID:6712
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1681107810712041206,11701493094892238448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4436
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1n7LH4
                                      2⤵
                                      • Suspicious use of WriteProcessMemory
                                      PID:2660
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8314946f8,0x7ff831494708,0x7ff831494718
                                        3⤵
                                          PID:3360
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9756309432540967073,4915056730845038877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
                                          3⤵
                                            PID:768
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9756309432540967073,4915056730845038877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
                                            3⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:2920
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RLtX4
                                          2⤵
                                          • Suspicious use of WriteProcessMemory
                                          PID:3960
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8314946f8,0x7ff831494708,0x7ff831494718
                                            3⤵
                                              PID:3668
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9645114172032316098,14579739267570544865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
                                              3⤵
                                                PID:3192
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9645114172032316098,14579739267570544865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
                                                3⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1592
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RyjC4
                                              2⤵
                                              • Suspicious use of WriteProcessMemory
                                              PID:776
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8314946f8,0x7ff831494708,0x7ff831494718
                                                3⤵
                                                  PID:4576
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1561859377872417970,17819847373426862196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
                                                  3⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:5552
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RCgX4
                                                2⤵
                                                • Suspicious use of WriteProcessMemory
                                                PID:3176
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8314946f8,0x7ff831494708,0x7ff831494718
                                                  3⤵
                                                    PID:5040
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1A4aK4
                                                  2⤵
                                                    PID:5020
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8314946f8,0x7ff831494708,0x7ff831494718
                                                      3⤵
                                                        PID:3084
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.org/1RfaV4
                                                      2⤵
                                                        PID:2696
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8314946f8,0x7ff831494708,0x7ff831494718
                                                          3⤵
                                                            PID:5272
                                                        • C:\Program Files (x86)\Company\NewProduct\F0geI.exe
                                                          "C:\Program Files (x86)\Company\NewProduct\F0geI.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:5640
                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                            C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 552
                                                            3⤵
                                                            • Program crash
                                                            PID:6320
                                                        • C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe
                                                          "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:5892
                                                        • C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe
                                                          "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:6060
                                                        • C:\Program Files (x86)\Company\NewProduct\real.exe
                                                          "C:\Program Files (x86)\Company\NewProduct\real.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:592
                                                        • C:\Program Files (x86)\Company\NewProduct\safert44.exe
                                                          "C:\Program Files (x86)\Company\NewProduct\safert44.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:3992
                                                        • C:\Program Files (x86)\Company\NewProduct\tag.exe
                                                          "C:\Program Files (x86)\Company\NewProduct\tag.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:5900
                                                        • C:\Program Files (x86)\Company\NewProduct\EU1.exe
                                                          "C:\Program Files (x86)\Company\NewProduct\EU1.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:5960
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:4452
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:5320
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:5784
                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5640 -ip 5640
                                                              1⤵
                                                                PID:6296

                                                              Network

                                                              MITRE ATT&CK Enterprise v15

                                                              Replay Monitor

                                                              Loading Replay Monitor...

                                                              Downloads

                                                              • C:\Program Files (x86)\Company\NewProduct\EU1.exe
                                                                Filesize

                                                                289KB

                                                                MD5

                                                                61f51370de492e1b8fd565c68aa3141d

                                                                SHA1

                                                                89da629358f5e7fd4da717a15fd72b74869af631

                                                                SHA256

                                                                19338864f06ba621eb3543d3a00ca4297d140e270a7ed1af174b61449a128355

                                                                SHA512

                                                                8aaed5770ee595c458f6e25e1ad40ff482e4b1343dd1a8b289f69b88236afc209c1f63094c95f2522728f7a5460b3de4f76938d69e03b5432316dbbf9c35e200

                                                                Download Submit

                                                              • C:\Program Files (x86)\Company\NewProduct\F0geI.exe
                                                                Filesize

                                                                178KB

                                                                MD5

                                                                8d24da259cd54db3ede2745724dbedab

                                                                SHA1

                                                                96f51cc49e1a6989dea96f382f2a958f488662a9

                                                                SHA256

                                                                42f46c886e929d455bc3adbd693150d16f94aa48b050cfa463e399521c50e883

                                                                SHA512

                                                                ec005a5ae8585088733fb692d78bbf2ff0f4f395c4b734e9d3bed66d6a73c2ee24c02da20351397768f2420c703ad47ffee785a2a2af455a000ab0e6620ec536

                                                                Download Submit

                                                              • C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe
                                                                Filesize

                                                                699KB

                                                                MD5

                                                                591fe3c4a7613d32309af09848c88233

                                                                SHA1

                                                                8170fce4ede2b4769fad1bec999db5d6a138fbb1

                                                                SHA256

                                                                9f289f95453c588a9ff4bef57b59d6ec812e985b14fdae4554b7112e52819e9d

                                                                SHA512

                                                                e1b3c7c3a807814a7a8139e7043053d12820bdd18c6e4d1320818f9f8b0e1c98a0786425c2d68ad7f789160f816eaa367402af5c67f2e204b9ec0831c1a04f6c

                                                                Download Submit

                                                              • C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe
                                                                Filesize

                                                                245KB

                                                                MD5

                                                                b16134159e66a72fb36d93bc703b4188

                                                                SHA1

                                                                e869e91a2b0f77e7ac817e0b30a9a23d537b3001

                                                                SHA256

                                                                b064af166491cb307cfcb9ce53c09696d9d3f6bfa65dfc60b237c275be9b655c

                                                                SHA512

                                                                3fdf205ca16de89c7ed382ed42f628e1211f3e5aff5bf7dedc47927f3dd7ff54b0dd10b4e8282b9693f45a5ee7a26234f899d14bfd8eb0fd078b42a4ed8b8b4c

                                                                Download Submit

                                                              • C:\Program Files (x86)\Company\NewProduct\real.exe
                                                                Filesize

                                                                289KB

                                                                MD5

                                                                c334f2f742fc8f7c13dfa2a01da3f46a

                                                                SHA1

                                                                d020819927da87bc5499df52e12dc5211a09ef61

                                                                SHA256

                                                                92e9d7c3e28e78b7702d1de113e7b1ffbd6fe1447159e1982e0158aafe5e75cb

                                                                SHA512

                                                                43deb443af74f5086d58d7d79af0407c2c6ef94ed338dfd2311dd595388143929a1ad8550b60d30a54e13207a3c95fa26be6fad773f191a56ca845c1055b5156

                                                                Download Submit

                                                              • C:\Program Files (x86)\Company\NewProduct\safert44.exe
                                                                Filesize

                                                                244KB

                                                                MD5

                                                                dbe947674ea388b565ae135a09cc6638

                                                                SHA1

                                                                ae8e1c69bd1035a92b7e06baad5e387de3a70572

                                                                SHA256

                                                                86aeac2a4ee8e62265ee570718bbd41a4e643e0bad69e7b4fa6c24baeb220709

                                                                SHA512

                                                                67441aebbf7ce4d53fbb665124f309faed7842b3e424e018454ff6d6f790219633ce6a9b370aeaf77c5092e84f4391df13e964ca6a28597810dee41c3c833893

                                                                Download Submit

                                                              • C:\Program Files (x86)\Company\NewProduct\tag.exe
                                                                Filesize

                                                                107KB

                                                                MD5

                                                                2ebc22860c7d9d308c018f0ffb5116ff

                                                                SHA1

                                                                78791a83f7161e58f9b7df45f9be618e9daea4cd

                                                                SHA256

                                                                8e2c9fd68fc850fa610d1edfd46fc4a66adbef24e42a1841290b0e0c08597e89

                                                                SHA512

                                                                d4842627f6fab09f9472ed0b09b5e012524bf6b821d90a753275f68de65b7ba084a9e15daca58a183f89b166cc9d2d2f2d6a81e1110e66c5822b548279c8c05e

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                Filesize

                                                                152B

                                                                MD5

                                                                e443ee4336fcf13c698b8ab5f3c173d0

                                                                SHA1

                                                                9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

                                                                SHA256

                                                                79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

                                                                SHA512

                                                                cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                Filesize

                                                                152B

                                                                MD5

                                                                56a4f78e21616a6e19da57228569489b

                                                                SHA1

                                                                21bfabbfc294d5f2aa1da825c5590d760483bc76

                                                                SHA256

                                                                d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

                                                                SHA512

                                                                c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                Filesize

                                                                180B

                                                                MD5

                                                                4bc8a3540a546cfe044e0ed1a0a22a95

                                                                SHA1

                                                                5387f78f1816dee5393bfca1fffe49cede5f59c1

                                                                SHA256

                                                                f90fcadf34fbec9cabd9bcfdea0a63a1938aef5ea4c1f7b313e77f5d3f5bbdca

                                                                SHA512

                                                                e75437d833a3073132beed8280d30e4bb99b32e94d8671528aec53f39231c30476afb9067791e4eb9f1258611c167bfe98b09986d1877ca3ed96ea37b8bceecf

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                Filesize

                                                                6KB

                                                                MD5

                                                                5332f401b22420f99d4a90ab2fdd8c22

                                                                SHA1

                                                                2809a6572dbbdb635f862d42b73227823079699f

                                                                SHA256

                                                                e8d476bf39c9b5563fbce0885e022cb632944f23ae1860e4f9f7ea3ee34da9b8

                                                                SHA512

                                                                ee063deb76094bff4863c7118ccfa8a01524ce06f22bb807455b7c07583b0e9ec92847a493fbe195e91ca38ff4b673f3611cc0e2b56091f878643e1b7e858c90

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                Filesize

                                                                6KB

                                                                MD5

                                                                8d42351562a799f6d9cb3ffb48935194

                                                                SHA1

                                                                0a75e1e95815956189e489c478c199b8aff4774e

                                                                SHA256

                                                                cccb1190a11255c745d2decdab5fbc5f845423cd34aebdab69a0d2845f7a736c

                                                                SHA512

                                                                972ef087f878964fcda9fbe5ebee2f76b98c2f9fef572f2058660419971d1e3b3e1f098b1dbf5c537d5d5bbe594ff3504d3320c6c8c8d24f77545f5576671ddc

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                Filesize

                                                                16B

                                                                MD5

                                                                6752a1d65b201c13b62ea44016eb221f

                                                                SHA1

                                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                SHA256

                                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                SHA512

                                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                Filesize

                                                                11KB

                                                                MD5

                                                                3e9a24bdcfa0d4b45713674016410bbb

                                                                SHA1

                                                                94b50b4113dc50165035f4164c8f8a96a9336cbb

                                                                SHA256

                                                                ecd148d46634148832a2d8a8fbfadbf8dc9dcbe43200733a1c1ce7692b0c11b2

                                                                SHA512

                                                                954504c62588f30e47e3a0ceb7eab94360bdd9fafd4db6515d0f670302c259b61de55f7ea8515063c5f7c9efc72ebead035ae67fc86a30b34fb1f8363625a2a1

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                5d35aaa3b849b0f0b70c5a553b020ee5

                                                                SHA1

                                                                bbc6fa180de5d33fe2d27f2af49125c9d2909a45

                                                                SHA256

                                                                8f37d3a5bdf070bf50a0f5c58f77b92d6a3bd2b31d396b6c59665784da0954cb

                                                                SHA512

                                                                12ba3218277db6ca8072d2a56a787633e6308b73c5b135932bbeb5817fdd254d5a1758b015bcdb608b2aa2668b3a8855cbc57aeeef98fae0de65accffd6abc44

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                db43bcad01423e0db28fd5c7ec34c4d9

                                                                SHA1

                                                                a63ff4fd017b3adf3bd712447f36f361cbbe3324

                                                                SHA256

                                                                f3eccceb6f19292a1a54352cb0997454c6cf28a8dff8249ef1978d36be9983ea

                                                                SHA512

                                                                517f3a982cde33ffb694e9f30a81416df41448daff7a775abea4ea97a66e01750af59643459959e80116ee35213b975bfa367b199006808ff78421fc77641ae8

                                                                Download Submit

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                Filesize

                                                                8KB

                                                                MD5

                                                                944beb518f917a098b69696611d1fda2

                                                                SHA1

                                                                caf0a11b443b366ff9592f3271c3cb17e00e712a

                                                                SHA256

                                                                038026ba35a493c48719a00af0cf2dd0622dce8a54da627efbc16c96c1a96379

                                                                SHA512

                                                                bc42fc1288093a7f833907c3168bc3283dec72dcdca45d3ec3e7b0a7d4b115044757e4cefd231ee15701f1e2a7cc67ae5bc5b1ea1050f70b062482c557dca27b

                                                                Download Submit

                                                              • memory/3992-184-0x00000000010E0000-0x00000000010E6000-memory.dmp

                                                                Filesize

                                                                24KB

                                                                Download

                                                              • memory/3992-213-0x0000000005310000-0x000000000541A000-memory.dmp

                                                                Filesize

                                                                1.0MB

                                                                Download

                                                              • memory/3992-214-0x0000000005240000-0x000000000527C000-memory.dmp

                                                                Filesize

                                                                240KB

                                                                Download

                                                              • memory/3992-212-0x00000000051E0000-0x00000000051F2000-memory.dmp

                                                                Filesize

                                                                72KB

                                                                Download

                                                              • memory/3992-221-0x00000000052A0000-0x00000000052EC000-memory.dmp

                                                                Filesize

                                                                304KB

                                                                Download

                                                              • memory/3992-183-0x00000000007E0000-0x0000000000824000-memory.dmp

                                                                Filesize

                                                                272KB

                                                                Download

                                                              • memory/4636-204-0x0000000000400000-0x0000000000433000-memory.dmp

                                                                Filesize

                                                                204KB

                                                                Download

                                                              • memory/5640-241-0x0000000000400000-0x000000000062B000-memory.dmp

                                                                Filesize

                                                                2.2MB

                                                                Download

                                                              • memory/5892-265-0x0000000000400000-0x00000000004B5000-memory.dmp

                                                                Filesize

                                                                724KB

                                                                Download

                                                              • memory/5900-211-0x00000000053A0000-0x00000000059B8000-memory.dmp

                                                                Filesize

                                                                6.1MB

                                                                Download

                                                              • memory/5900-192-0x00000000005B0000-0x00000000005D0000-memory.dmp

                                                                Filesize

                                                                128KB

                                                                Download

                                                              • memory/6060-193-0x00000000022C0000-0x00000000022C6000-memory.dmp

                                                                Filesize

                                                                24KB

                                                                Download

                                                              • memory/6060-172-0x00000000000D0000-0x0000000000114000-memory.dmp

                                                                Filesize

                                                                272KB

                                                                Download