Overview

overview

3

Static

static

3

32f2460115...cf.exe

windows10-2004-x64

3

Resubmissions

05/12/2024, 17:09

241205-vpetjatmdw 10

05/12/2024, 16:16

241205-tq9vmayjgj 10

05/12/2024, 16:13

241205-tpazxayjap 3

05/12/2024, 16:09

241205-tlxdqs1rbx 3

Analysis

  • max time kernel
    180s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2024, 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.exe

  • Size

    3.6MB

  • MD5

    d5dcd28612f4d6ffca0cfeaefd606bcf

  • SHA1

    cf60fa60d2f461dddfdfcebf16368e6b539cd9ba

  • SHA256

    32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf

  • SHA512

    dbfcf464c3211b7454c406a9f9532c416910ac24ea862d7061e3503f294d690b4957020dcc703984449e0934c7a595cf9061412fa25383850dd86235648ac23b

  • SSDEEP

    98304:whqPoBhz1aRxcSUDk36SAEdhvxWa9P593R8yAVp2g3R:whqPe1Cxcxk3ZAEUadzR8yc4gB

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 56 IoCs
  • Suspicious use of SendNotifyMessage 56 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.exe
    "C:\Users\Admin\AppData\Local\Temp\32f24601153be0885f11d62e0a8a2f0280a2034fc981d8184180c5d3b1b9e8cf.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2196
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault7829f54ah64e8h4076h92afhb4937be2874f
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff996a446f8,0x7ff996a44708,0x7ff996a44718
      2⤵
        PID:1956
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8532937380322926735,6416401094765195766,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
        2⤵
          PID:4352
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,8532937380322926735,6416401094765195766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2652
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,8532937380322926735,6416401094765195766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
          2⤵
            PID:3080
        • C:\Windows\System32\CompPkgSrv.exe
          C:\Windows\System32\CompPkgSrv.exe -Embedding
          1⤵
            PID:4624
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:1020
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0e2f8b79h2f3bh453eh9c2dh8a1bad96ab19
              1⤵
                PID:4988
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff996a446f8,0x7ff996a44708,0x7ff996a44718
                  2⤵
                    PID:1368
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17382053860093930751,3186889828510207620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
                    2⤵
                      PID:2372
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17382053860093930751,3186889828510207620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4592
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17382053860093930751,3186889828510207620,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
                      2⤵
                        PID:4176
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:1208
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4924
                        • C:\Windows\system32\taskmgr.exe
                          "C:\Windows\system32\taskmgr.exe" /7
                          1⤵
                          • Checks SCSI registry key(s)
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          PID:4472
                        • C:\Windows\System32\rundll32.exe
                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                          1⤵
                            PID:3132

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            7de1bbdc1f9cf1a58ae1de4951ce8cb9

                            SHA1

                            010da169e15457c25bd80ef02d76a940c1210301

                            SHA256

                            6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                            SHA512

                            e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            85ba073d7015b6ce7da19235a275f6da

                            SHA1

                            a23c8c2125e45a0788bac14423ae1f3eab92cf00

                            SHA256

                            5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                            SHA512

                            eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                            Filesize

                            331B

                            MD5

                            a156adcaa3f942b3ce91174a1bd6146c

                            SHA1

                            632f9559f888e1bb66efe44ff2a7236fb48c403f

                            SHA256

                            90d82879ea34a29f989d5da3bcc4abd82a573977ac8a02fe38e187f9f5062bb3

                            SHA512

                            2e6e6ec6212b9d5d78000989d8ee63fbfda383c1a2682e1dd17a6574cb3b7fe0cb64efdbcdfc0cf95c029b31260b8920c8226b315512589507210dff58ee12d1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            73091b5746005a86749f2c3954defc72

                            SHA1

                            b7a2354578911f1de77f51254e185bb7abba026a

                            SHA256

                            bc9e09863caef38e888c93b70217bf6283fe2e802f3a07c1cd9be2a637bb975d

                            SHA512

                            3eb979c6c521354c841b1be090fe3a0dc2777424c9cbd08a627b3a1fa018a7793f1d83f667466d90b1c29355e949c31f1f38eb88c0b210162473b2996d2bad41

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                            Filesize

                            347B

                            MD5

                            eac9e601889b404fde52de1fd14d6eaa

                            SHA1

                            597e80a94312aeaf78bb07619b2bf80c852cc109

                            SHA256

                            a4daf03abc5dd9f85727ed51f99f048d34a731c1c10136c3797b5be4202e6ab6

                            SHA512

                            066708664ab9b770d0047456fbe9f82dc8c270b3bc4eac30f63bc0e437891d51ad319dbe9bf6e15003769fc5edd88fa7244695070349f8f58a495e4bdd1bdd87

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                            Filesize

                            323B

                            MD5

                            1c23b0e6eb11d3fb846852542831dfbb

                            SHA1

                            5c597f1c7d126e138a2fc6c95533b5242040f4e1

                            SHA256

                            21b8918d3b9a890b8dcdbfd54134ae343400b9272ef776880343cd07b464dc80

                            SHA512

                            b8fb8600db7f2546f2852823d0d3556ca07a9b2e57ea62b5ff9804d36880ea17559c8cc34c02d1f61c3abeefcab9b934bbe841d9223a290b8e0bb761be213fdf

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                            Filesize

                            11B

                            MD5

                            838a7b32aefb618130392bc7d006aa2e

                            SHA1

                            5159e0f18c9e68f0e75e2239875aa994847b8290

                            SHA256

                            ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                            SHA512

                            9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            8KB

                            MD5

                            899e649d108c10758b2333cf4c7ea49f

                            SHA1

                            9ac57f612bcb98ff336f24058dbd32ee7582275c

                            SHA256

                            efb164f570a92ac9f9257fbb1854df48404faf94563792bda55954343b9c4c28

                            SHA512

                            ae9697e33f03b1c17d4f0d4218b2bcee7bc04facb7dca04ed9758068665e40e22a52dd178c63006cc5e32a823962f905dd7a0d2b072a7d105bfe78a31c2fe64c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                            Filesize

                            264KB

                            MD5

                            f50f89a0a91564d0b8a211f8921aa7de

                            SHA1

                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                            SHA256

                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                            SHA512

                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                            Download Submit

                          • memory/4472-107-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4472-109-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4472-108-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4472-113-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4472-119-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4472-118-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4472-114-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4472-117-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4472-116-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/4472-115-0x0000025CE86E0000-0x0000025CE86E1000-memory.dmp

                            Filesize

                            4KB

                            Download