Resubmissions
02-12-2024 01:29
241202-bwgrxsslev 601-12-2024 01:16
241201-bm536a1rbv 701-12-2024 01:06
241201-bf6q4swlcn 630-11-2024 23:55
241130-3yyxrstqbq 630-11-2024 23:55
241130-3ypn4azjfv 630-11-2024 23:35
241130-3lf67atmal 630-11-2024 22:13
241130-15bppsxjhx 727-11-2024 20:24
241127-y6snhaynhv 726-11-2024 17:03
241126-vkvzyswqdk 7Analysis
-
max time kernel
1705s -
max time network
1775s -
platform
windows11-21h2_x64 -
resource
win11-20241023-en -
resource tags
-
submitted
01-12-2024 01:16
General
-
Target
psr.exe
-
Size
13.4MB
-
MD5
33c9518c086d0cca4a636bc86728485e
-
SHA1
2420ad25e243ab8905b49f60fe7fb96590661f50
-
SHA256
ba30ea16cd8fbd9209d40ae193206ad00f042d100524cf310982c33369325ca2
-
SHA512
6c2c470607b88e7cd79411b7a645b395cee3306a23e6ba50b8ac57f7d5529a1b350c34e19da69aeb1ffade44d5187b4a1ef209a53d21a83e9e35add10fc7867d
-
SSDEEP
49152:W/XzWTJmbjeHLKLpyNpaQ+69tPvGUmskDXs4Awd9CBqcUiInvlT2hPnXiwzYJ33S:W/EmGrKL2pllzP+UNkEARmzY1C
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 19 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Drops file in Windows directory 20 IoCs
-
Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 54 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\psr.exe"C:\Users\Admin\AppData\Local\Temp\psr.exe"1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\psr.exe"C:\Users\Admin\AppData\Local\Temp\psr.exe" -cv UTLmh2QOTE+07E+v.0 -enableservices2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\System32\sc.exe" config wuauserv start=demand3⤵
- Launches sc.exe
- System Location Discovery: System Language Discovery
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe4,0x10c,0x7fff242b3cb8,0x7fff242b3cc8,0x7fff242b3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2484 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5724 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,4672934241128234450,5630360142893255736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\msiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BikeEscape_1.0_setup.msi"2⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.131⤵
- Modifies registry class
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004C81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1EB354BFCA0AFA2E9943CD8EECAABC11 C2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2583ECAC7FB37F27C72DA70E7E2192CB2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
-
C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape.exe"C:\Users\Admin\AppData\Roaming\BikeEscape\BikeEscape.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe"C:\Users\Admin\AppData\Roaming\BikeEscape\UnityCrashHandler64.exe" --attach 1400 17836156559362⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
38KB
MD5e0fb216fc2dad309f44fa324dfb3653a
SHA19f45aae04005232b455e11992f51c90204820a56
SHA256028ff738d21e08b54cca78602b29c31908cc748fd624f62cd81caf93d08e40df
SHA512542f95ceaae86d2ac14aea6130c4d334d2d0d40d3fd13a33499543d91aa89ae1eb331f231f49e2048a30d36f94ba71839fe8628cba5ffe9ecae1f9d9e5c1071b
-
Filesize
1KB
MD58ccfffa52ca088226b39888af5b15ed0
SHA1af68e813d78a4ba1ea11792794ec5d3463672dfe
SHA2560068ef3d6122838325c5c31a80ca418fd958e7a7d8c2fb3fbf13e841b778f0e4
SHA5121546eac581b100f78bbf9fd0136d5dc76e84fa336a19bed16dd487be45b446da80d28dc3c1f9857719382bc2d7f0a6c946f76d4f3effa9fd24c1c308b6285f4b
-
Filesize
152B
MD57bed1eca5620a49f52232fd55246d09a
SHA1e429d9d401099a1917a6fb31ab2cf65fcee22030
SHA25649c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e
SHA512afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8
-
Filesize
152B
MD55431d6602455a6db6e087223dd47f600
SHA127255756dfecd4e0afe4f1185e7708a3d07dea6e
SHA2567502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763
SHA512868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829
-
Filesize
1KB
MD525818c6341228f646e44d23ca005e4b3
SHA1a883fafdcfda973293a763fd685e239dc5b61f34
SHA2566238e75c900a623b4af365248bfabd763c825f47943a93574400dbf67f39d294
SHA51296df2d4964b5eaff2adc067600c9938d287c4b51ae71df8d66f3b83db7ad7bc6fa338c893fc0669014d6a1cade9feca20e86ccc26c216afaff2d59e75d1b1f57
-
Filesize
815KB
MD57cf1c8567c63ea2d2e525cb90ac210fa
SHA1f90fbccfdf15ebfaa7d758ba2ceab32ab45b30c0
SHA25686622bbd915b3b4cc17ccadf6cebc9401da31ed503d6fb5c41d9f76e33e96ecd
SHA51298ef06cbc0d1f98c7286b6a923c633941cc3a5f9726f99be7a4bbf64cbf8933d42360d76110e463e7d22e44380b8ee9c37c82a20fdc955b5f18e0e2e5adbb0a1
-
Filesize
414KB
MD5bacf71a0165ee7170f9a87291184cc29
SHA1a3658b972802fdd8a4470b11f4bfb5e57e5ad7a7
SHA256799b6b37871d8f3e7528f93123e7ff97ac4dc314644b70a34335842f28d1cb47
SHA51282444fe964addc8ab7cae9c96f9965e25bf45f4fb834a2027ce7afc9e55c961bab8bdc54c84eaffd8d36b955857b4b5650883f0ce68b74583d56238379b89f61
-
Filesize
814KB
MD5c6ee80cbc503bb23fcae8e733ae7bf80
SHA18793ba694f8230af56ad5c4ce34cddb10691de2e
SHA256e859cdd2932b1bc8c5c1c275cfd5c3457b6e8e87db87e2d53cf230acf9a03ef4
SHA512bcf2516d19c2dcdcc72251ccf95af4f7b660410f02c3d96ef55f341987c7af50f0e4cb978f7c8d5251d4d75de132058798e0b1facb0014e1c00a63d67b64332b
-
Filesize
1KB
MD5abf4a300e711014de340a80b5a5ad19d
SHA1eed8ed8be907d16add4829064d7eecf07567226d
SHA25607792263cbcc5b18cec7c5827b1b91488fbca04adf86781ed3d0f98d4dab13b6
SHA51201344db63bb2ca49edbbff1bf2ca9d5265ca17f6ff4e175ff25190d93a366c54c52e8bd19c2a1adebc737a9dbbef64de3e172ca6412e0560d4f0ec16b04902af
-
Filesize
3KB
MD5bad466ccff4e3fa4545e7f0907663f82
SHA1d604b424bccb02c6c045a6933ee3a2e624b56319
SHA256141158509010642753d672c33d325287300e10e6611e0e0973200ff3a40f9fc3
SHA512fcb95c9dedd259d5af396e2463683b497ed613491b1ff2291dfca55a4cb23d94de6921333014b015312ce1cf28bbcfcc3d911287c7d60366b069905effd452d3
-
Filesize
1KB
MD575dd3f7b5b1767f9aa639813892a6a21
SHA14751dcfe80d1a69987a9441bc2571b4e78afc59f
SHA2569d634c797b40219c71a31a0ad0f56800c7c385fe2a5505cd2bcf8df8c9aecbc3
SHA512e04ede6e7551b393e8118713c218ce187f616222c8cf53c7377b58e4b18e0773e303dd732c54e8e89b5d04f9feeed63abf9b1931668f25b5e40a5fc4daaec492
-
Filesize
2KB
MD5593106c959301012606033f094203f84
SHA17a2e78a6ea82e54cf9f54a4d4c3ca259741e0ee2
SHA2568bd29d6149a01e26910484223a3912c35b2e0cf99f144ef4c119953bf4f4fcc9
SHA512a22c7fc1c2e1016b328e11e5df9f8727a245081cbff08023ddd066e2a1480cf7660d2db2c70d749823c329d4aa9ee8af0e717286fc666922c6e8c42efab52fdf
-
Filesize
2KB
MD5428d0949c6aa2862a92c6bd87981fc1d
SHA1c5bae368d1061a8cc3065f8775d292684a87db07
SHA25660e5b295b7b156d796e9dee5f145685800ee79686aea940e0b7ad5463e3e57f5
SHA512b5951bc13667dee2370990139676c576a1ffc7409ebbd25d0acaf7f455faca54b150cd20fbcb6f32c1ce59ffe2ad89d780fa8c745e12c37b947df2d06c111d8c
-
Filesize
2KB
MD5f290df6b8860e728637507afcf055298
SHA166dff1d9b6f594ad45a091a542c5e022d6311662
SHA256872afc7d4b8827813168a968273bba84f837c5272d99730d5ce282751b78c37b
SHA5126a7503d87dccac79aff62ffbee18f67056072ec06c99b3f773463108994dc2d4dd5921b5f33097f3e207fc623546ff477ec45bf8d211951bac95b414bfa7cc73
-
Filesize
2KB
MD55eae96d35c834fc3260249fabd8218c1
SHA10a8e6387439b2d6620be4879f840099118a4d09c
SHA25634f304b7a1d69261b7cad96f732d1f28e899ef77e8decec0cd92bf4289357344
SHA512ed15da17ba53d8b29c80606075590ba7c024c676db826225bbc593e5e5b7e09d89f947558ed1bfdd44bac968391795c85e2639fcbacdbe5cdc48383ff384d1cc
-
Filesize
1KB
MD599cb072f77fd516f0ffa56b0d0e701e0
SHA125ee1c104b6d513ca13b5a8ea4c5b717337d696d
SHA256766b17501770741df25db4a33578e1c6f6f7f4004b14611ec2549efa27581ddf
SHA5127e155d2f0983765526bd10dbeee2f83f37f3f46a4e87ac15d0682e18b9bec3b58f93147480ca13bfe93f29adebfb89747bbb6a05efeb793dcd9d6dcbc8db5132
-
Filesize
2KB
MD57a991c419a8c22a921186ac2e7db5fe9
SHA1bb8b55df4ddfc3fe73fe4c095568e448493db348
SHA2566423d279a9fdb7cb469ece9b4892e29df547c5a20da1c31297421c27e3548b58
SHA5120c5fdbeb2b99d9f9052e986b94e4b72b447ffb458903f9b5e65009344b99e5c9b19d9f654bb9c7b1ff167888d63ed7b5158f3b1ae58b7ccc5b7041ee632b4e00
-
Filesize
2KB
MD5c53dc734ab3e26fa9ee9c3eec84a06ee
SHA1d2aa0a2d3e1ddfff9e68ac9ac489afb6e681340a
SHA256ae56ff11b54ff9023281d9553865aef10f42e7f5f45b3b21f5f7d147b5abbef3
SHA512549a615f47bb1886b2e15b1a60432e34a6c8da8d9b0c588e4a6c086efac270dd250ec5ad58b0f696cd54c38e982125043b719cf239cc5d7fa0a32d99350a810b
-
Filesize
6KB
MD5ad9c929b53bd747d088003bb2b77aa4f
SHA1b05341454fd7927379984b4f6db29fac886b3680
SHA2565be8ee58aa58851559e1cb3c526c58d62476d5e2fb7febe06f789f84b46ff2f2
SHA51287144598a14a9ca4432d18a02bb068fafabe874a3951219fb603219330bb967fe377149c65feec963c1fe5e7b28db8f28c5c30ff04762fa35783e0a09a2ee308
-
Filesize
6KB
MD5c9e1b69d7b2f0656305b7382edafa082
SHA1a67ce61d221424ebfbe2a793eb861ba696b1cc46
SHA2565d14628fa31bc233ebcc5dfbca6a21c29de8c77d5397fcf3d47c6c13b628a95f
SHA512d1585a9305c98948299e1b114448fd586829abfd6fcce88ff7de9113bc64d5e0ef21a0a95b3057d09909beb442a10f37de88562e3829279ffdf03590de23ece1
-
Filesize
5KB
MD5f3e2d09c6f08400a031f331f8e5ba1bc
SHA14bc7a4108479495295b7f81aa584549e24029544
SHA256935d5318e909034adccf03b20ac205e702506777deb36bb5a73e0d042373fcfe
SHA512dd709619d16b4fbc135fcbd6819e4dfc444055a5e57d7bb152f5e6a2e0060fa7c207765ab89ddfd101918ed6f3746aca3ebe08866e11d34cdbff8a50558e2eba
-
Filesize
5KB
MD5d0f92a008a5fd2a6e5eda5ea2e94df2d
SHA183fb79134a11af54dc10817eb1f384a295077283
SHA25631fd2a6e5af6ac41f862aa54fce79fe11cb5d16e3701e2dc1e7dc89e16691a32
SHA512f99ca3c6b3faf6fad3a2a7964def587d97ea4081fd184d567f1a7d275d1e299f1e3c2114d0de75d12535f65d65da75a48c8e6b9634290dd99f4abf49fc4cdbd9
-
Filesize
6KB
MD5c4e45f3b9fefdbc2b2182ea3a022e2ef
SHA13887d0eb1f22e0b355cbf9426506de874ce6283b
SHA256a16971dc971881e3696ca42797ac127b0dad903c00dc4f6ea49a3b4030d6f895
SHA5125e971bff5d2a4752457098ad70d7425a557560d800a5f7a84a4ccc5633a2ea8bbc340188a283c328f9be3955f8bc3263bf01aeb821f5481463ebec7a368c4f85
-
Filesize
6KB
MD52c14f40075203006d3a11333b08b6570
SHA11c823d47475fcae493a5d3462e65aa99ed7635c0
SHA2569afe9e6b645980d0219ff038306b2aef2d54849690c98a6d55df6afd9fc888d4
SHA512daba4dac1eb0377578a9a8875bd4d96044bc05eef5232287985d02dd05ab9f8b5fba6421a810d5d32b8f21470506df9e828fa6d9c750e130358786f73c7fd194
-
Filesize
7KB
MD5e96ed618c2e8adc29e49f90e18f6d1ce
SHA10c8ff361815cded822950ee1c3cb0098710f2970
SHA25695c1074f24eb294b79e0a9d75d46af6f3d663698e85163735ba79ecb4fdc30af
SHA51230e0d7e512a1aec72fb27027cae9e9466362d9208901702a084d37eaa77bf19c880d380529758b3fc80b6d995060838693e50503caa5079551ed1fca13b00e86
-
Filesize
1KB
MD56737e54af2eca2bb29ec68884b37215a
SHA1d316bc2dc3f41e234572a4fd8572cd9041962bdd
SHA2567778b0ac6963d4b518e186a87824d29e3594468a8c33359d9883ac1c0924b0e3
SHA5126782b0274135fe1dfc34c209574866622204ea55508de5cdd4ff9b29110859ffa8425d49304bca4a0477c858fc25b4e230c9f954e305147b649345570d7b59b0
-
Filesize
2KB
MD5fc4ecb309f643ddc811af8959f9347d0
SHA17b7aee90e2c09d51f3463274691763806fc789d2
SHA2567deba7cdc5c356578c3f2c7f3a9a143b451172795a516b026afe9511c429ecb8
SHA512f46ecec95a3306aa8f8a4e9391c12ce85ceb291d3ad0ffb63ee3e25337e82b1f422ceb2b68be04cf135e68ca922a9d08ad6dc6f628c8fa0394476d92dcc0e187
-
Filesize
2KB
MD51e5a9da7dad4ed4c878fd58a20f31ce5
SHA17d0a10948e930144085a0744906a656eddc21fd4
SHA25666cdc19c6cc363e6f6ed10be5c7df8eea1840fd67ddb10c42847f31d68760a06
SHA5124a90ffbff3c254bcebff1eae20152d1a4526f7ddab26f72c2d2b02ad622a49aeecc1aeed1cec327929927ab48b8a8c52bc0f0e1d403ffbbed97fe7d56a044199
-
Filesize
1KB
MD53088e7c8a85dbc76671b7407c2ceba84
SHA14b38dcd79622487a5cce589d095f50eab87ea33e
SHA25633246e9306d0c9d478b4752302599edbe8d73a0e3245acc51038052443a0c009
SHA5125561eb2c39baf19ed982ada98a0ae2a18c489367b01ee51c053f34598e3bf326adaaea967ab220d60ad1f215f7e3676314a51a85e4d6e96fbe0aee1f4411efcc
-
Filesize
536B
MD5d826a0a420b401a4ebbb38fc0a6f4117
SHA13ae19b7080d2b41594f17dbd557f9f1e89b70ac5
SHA25619a4d9031561c9efa2e9f1f889f629afec8a7864c30bedb3a2a67c77cec89823
SHA51253b9c9507cec1e045c2c81bca6850f90c4c84398368bc7d4475f88c2c5159e8408e196822e2736a621936fa00059d8dd430cb0cc2f10c644d29f489b38c4d75c
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
10KB
MD53787aca5a366d4adb1e7af7b30c9a3b7
SHA1a8a5da56236ea75f8f8b832f899186b581ffb557
SHA25606028e7e7cc59cefbfeabfb10f4f44aa0be6f637353a5d0b8445e7be803edfc2
SHA512124b1f908c61f517d917d9956694ef34ea0b29d5e3f4a3c515daa23b3b44d465c607772a3046ddc0231dc48071eb6782a6e03f37137820825322e8f2e2272b3b
-
Filesize
11KB
MD54c8d674ba8af85750c3fe84402494be7
SHA1fc71f61db9f62efcf0e44a11193bacf93d976de2
SHA2566d8410fe6bf6290155bc08abaf1fa3aaf82de2e417db60c4179d338f4d9f80c8
SHA5123c15bf780ab8a96b675eeccdf9fbe096141a4f544a70399a9b0152aedf87706e2f86bceb0e90c47fada254cddfe9377d35d8f463fd16f7735408152aa6e55f8a
-
Filesize
10KB
MD532e794ccaf72f253453c9a553f392750
SHA1b3afe7ff83bcf756d970d0f2cb6114184e0a2bd2
SHA25601ff0964c58cec1d28302096d099d53235a710caa081ecc0680824406f15502a
SHA512d4ecc92f76099d2dae9cfa0ef921d31e0e727d19ab6e6a2a2a4a7a90f4ce415a62a22ff47648e58adeba477d9955af2cdbd14c973728a3edc724430aa2779263
-
Filesize
11KB
MD5c9cdacd30652db16d15dfe406edd6c57
SHA1cff50f76353472771e50f4812904bd21af916d66
SHA256231ae248e84ac2d9e8dac1c1d2a10dcd5b04357d97f8ccf16fa62f72d8281d41
SHA512c4e5b15988ccbabc98fa1c6dfe14e60224caf8e91631c5bdb9584c47ac77a7819f2a036a66407ac41bff6c1e38a4cb435ea2ad12d19b32c3c63d3f0acdd250a3
-
Filesize
256KB
MD5947b50ec480bcaea3c6476dfd91bb027
SHA1c5a07ae32d313c78d50824b8e86a8d91a6e3b4b2
SHA25638495ab1f13a52e60a981ea8a809cdde18286092252c55bef4d74fe02a3b9529
SHA512f19b6d9295faf342d035fb3258706fd018f0e7cb025d1d41a05b835ba229fb5ea2e47b5d3d776c8abb6e4a7761e180c61ba66b007885dacdaa9bd93585faee10
-
Filesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
Filesize
555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
10KB
MD51301a13a0b62ba61652cdbf2d61f80fa
SHA11911d1f0d097e8f5275a29e17b0bcef305df1d9e
SHA2567e75ad955706d05f5934810aebbd3b5a7742d5e5766efd9c4fc17ee492b2f716
SHA51266aa4261628bb31ee416af70f4159c02e5bbfbe2f7645e87d70bb35b1f20fa915d62b25d99cd72c59580d1f64e6c6b5ad36ace6600d3bcdb67f45036d768ed8b
-
Filesize
10KB
MD5964219fcbf4c1e0008bc5e05686367a9
SHA1685a0b860afbfd43305bc67763e41b296a22ba8b
SHA2564f4388ce8c3055db4827ad4b6d7d6ffc7bead99955a3fbe44ab3a5454651ae25
SHA5122745f64b2bd54740a5c1f754785c39eeda9b6b5112707cc8630ba188638442de7c636446f750aeb340905d9da26f96ee4e7f7c96e2b690058ce29d7b6efe8c16
-
Filesize
997KB
MD5ec6ebf65fe4f361a73e473f46730e05c
SHA101f946dfbf773f977af5ade7c27fffc7fe311149
SHA256d3614d7bece53e0d408e31da7d9b0ff2f7285a7dd544c778847ed0c5ded5d52f
SHA512e4d7aafa75d07a3071d2739d18b4c2b0a3798f754b339c349db9a6004d031bf02f3970b030cec4a5f55b4c19f03794b0ce186a303d936c222e7e6e8726fffff7
-
Filesize
651KB
MD5b7fde0dbffef8900a750588a9b068759
SHA12e2e18d1629386fd2d99339e1eac92935b7786df
SHA2562c49f83477625f5e2a8a84edba8a3e4686cf1579b7424f0ae0f685caeed60e6e
SHA512ee9b31b5465bef3ae2ffb4ce68a158881aff69c0cc4f032423f584ffae366eff1c16f2120d38cbb73339431aae9f82872e2960a43d982be73847de428cb1929a
-
Filesize
1KB
MD5f7a6aab1fab7840745c44cae44b092dc
SHA136c21ba93d4f13417677654b1e9140c9ed614cd2
SHA25695747ee70346567f08c848f3b086da49e4941efbb675b6ad596e37af37fddaf4
SHA512bcfaa2216044046dacbfcba9037f11da79e12f022b17aed74eee93937871d19b0ea5809e60f0c608685facc55f1ec59ad48ecbf1a3e285df7066b17396067e96
-
Filesize
413KB
MD53f733da2231e89b868995a206109f63d
SHA14b063ab891c0f399d91df8075ba72d5db576573f
SHA256d3d0f373f906323073a04e7a807f2b26ac5694467cd60c5265f430bf31cec553
SHA5126c36838e62f40d1e6ee0e0f0ece6c2da6afbb233594c65d42cb04910be44cd79780b14be360f3fb191f83e5664b5a363381ec709baa7fb888ecfe69cefa3f990
-
Filesize
56KB
-
Filesize
7.7MB
-
Filesize
13.4MB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
224KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
152KB
-
Filesize
7.7MB
-
Filesize
136KB
-
Filesize
7.7MB
-
Filesize
40KB
-
Filesize
32KB
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
7.7MB