Analysis
-
max time kernel
92s -
max time network
93s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
12-01-2025 03:22
General
-
Target
https://crypticexecutor.com/download/
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 46 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://crypticexecutor.com/download/1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9443102356737852647,17116317436945318366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Cryptic-crypticexecutor.com\Cryptic\Cryptic.exe"C:\Users\Admin\Downloads\Cryptic-crypticexecutor.com\Cryptic\Cryptic.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Cryptic-crypticexecutor.com\Cryptic\Cryptic.exe"C:\Users\Admin\Downloads\Cryptic-crypticexecutor.com\Cryptic\Cryptic.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Cryptic-crypticexecutor.com\Cryptic\Cryptic.exe"C:\Users\Admin\Downloads\Cryptic-crypticexecutor.com\Cryptic\Cryptic.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bffcefacce25cd03f3d5c9446ddb903d
SHA18923f84aa86db316d2f5c122fe3874bbe26f3bab
SHA25623e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405
SHA512761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7
-
Filesize
152B
MD5d22073dea53e79d9b824f27ac5e9813e
SHA16d8a7281241248431a1571e6ddc55798b01fa961
SHA25686713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6
SHA51297152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413
-
Filesize
20KB
MD5f2ccb6f56e4d5e11978bfeb079777f93
SHA1dcfcab174138725ba864fa18b1a56576b4a8b711
SHA256b6ce1ec398d8d032e8b09d3d9813e4de4e2578931ce7c099025b4bf430bab5f5
SHA512af243b4dda9e37413ff9c5433f550e6c419acc6c2304e80d74444c7c467c4e3f778cc6f01e02a45675056288255e50501ee69cfb787d1b09201634a8f4134f08
-
Filesize
600B
MD5c3e967fc1d48857f377e8dc02c343a87
SHA12b8883690b244933b18143b75f15fcfbe7ff3d47
SHA2564d63b6c698e042e10383f2c5149b602f8c03ac9e8343606204e04ca175418727
SHA512e0810dc6e9b86b21760870efb49110d7522baf1c9c0fabb4652ddf01c4c5226e94c1eea3f89162aefe56344016c355826afae3ea2fd5381a84130a407e2fcaea
-
Filesize
4KB
MD59b387451791bfc2506cd39c27ad574f5
SHA1714912fbc46d101dc9d5a64e54b6c97c5532bb0e
SHA2562dfb113e94154d46548afbf6bb08917c78d631662636c2e40b641e03f526315a
SHA5129935580cf99716fdd1352fc2ecf7ae177df70ce0776f23d74683b5d4181e4bfaf25b10aae4a540ef6692671923eda4657e9320eb414b1d96de31929a8e5f2018
-
Filesize
8KB
MD530da07f492c43238af66807481c11c13
SHA16e60ddd854323a6ace53e9f5495a26a0a80094d3
SHA256cd901ff289e451eba7c10d63301455e5b75c015c775127a1a9785fb793f604ad
SHA5126a793766942ae671d783c4b4b4f212015fe1aa8014651dd0b6e7a4f2fb4ada5260fac961ea57b486535427738635e522a061b02e3e6de0a882a47afb596ff8a3
-
Filesize
8KB
MD55403fab9bae379c93dfb63679d30b277
SHA1be6ee2db5280ec7c2bac09fb968664b9aed44cf1
SHA256b6e54a19039fc74730621b760dd09369a7666dc90fdb0f35bddf65e112261b41
SHA512119d3e0684d51302c84f2a8f0127261f923deed60faf9f76341c6e46240230e1212d6fec1a6391c41d4ba0a99e1311a4c92d32215aa63efa212e3c5967a0c738
-
Filesize
5KB
MD5cae525ea3abdfcc74dac3873caf5483e
SHA1b48514611c25c7cd0c542ad04f7ccad31812a5aa
SHA256c88b226f7a9bc2f159230f0dcb4b5efb330a5001378a9cdd54f1028767d560b6
SHA51253ff7d1971632f344703d4d277f3def9ca1a85347d6b866e52c8789d60a5270cab5fcb95183033d22726a619ef3b1245579e460fbc2f4710adb666e7a79e88ac
-
Filesize
7KB
MD5a4dce9647a34a1e25fa5227f6e5d2fa8
SHA1057317063681289330f0c6b22adf7b63192dabd5
SHA256b847a30b700d80451283f63cfeccb1e02ca370c7d76a630cb22c88a9391e3c59
SHA512ba24a96e748a46e6a39382c0421bff98d0fb936cd8ec5b7823f2432e6060e1b80e4029c66f0308205666db19ac45c77b8083e7ef28b76982baf6bafab87496a1
-
Filesize
371B
MD5f7adc7a3052292818730b732afd19c7d
SHA173523a27c2e4936ea7408e82115174f6a01c7bdc
SHA2563ebe34142ac4f6974d2dc4bd02eef46aa914e6d4a87a39316aaa13f295caef15
SHA5122fcb4a031dcac15daf211ef7b839547513b647ee237d23e76516fdcff1293ff917b2bcadabea3aefb1a3292b9a96a8ea658fe07c74c82fa049470f4422584f16
-
Filesize
371B
MD5efea9de6ea93293509116069d4dd68fc
SHA1e11f707a6a4d48afdc7527487caa24d2716438c4
SHA256825561f2d5c7db4451b6aa0ed990da6ed32c0d16c7ee905b3323d8d1b1892361
SHA51215dc30f1ca89adfdb0768e2622ba0d3ccf2bb1de8441247fdbf05cf1f26d814be03e80c6383d0382e7fe4bf575a459f16ed7dc9800a84093fad57e855b98327d
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5b16142c176fa6e5686a7ff1cca6e7eea
SHA1bf316cedeb98a4e4e0262df6ae981472c219922d
SHA256c2203e6144c55c5c61e86e5c7f65c5ebeb97094a71033bfcbc981b39245b0d36
SHA512601239c8bdec30514bb00ed3c5dee604601afda808f44c60e4e75c091271f2f564915b2ad1a1aa8eecaf587199775b7f1c12eee99802aea5fe071404764e3256
-
Filesize
10KB
MD5445fbcf58fbaf00ff94e1b42051b44ea
SHA1e475c3f9476260976b0663bd1ecaef3632357347
SHA2566cf5b331d032a4ef429ecaa291e49220f454df90c6ad2600fa5c0ddf507b60f4
SHA51234795a17309aaf7834bfffb3bd8017e59c9a4898dffb5dd766f1394557108204478f96cb01bd52ac6311b5fb08812afee75d11faf02071acffa35e27ed7956c9
-
Filesize
11KB
MD505ec2efe157e0e2e6c1e1e437f384165
SHA1196940e195e9c23e629cbd1c37290d1d8711af00
SHA256b5e47faa48435fc0eb35ea07b90f208c9abce905c89400700b30496965b072a1
SHA512636d19593b1cd663d210190bb65c0533f992036632482266cfd6202f35c5ff03cfe767893e84562acc2aa5de24109acb16a9a00803cb16ed5d4de40b18f24b7d
-
Filesize
6.5MB
MD5576fe1b9566d71aec47bb662445b5a31
SHA1d5432ad8e994549da0cde1cb5c86b2e9cb5b453f
SHA256f6b958ccc17f05631144f5abf8393f06f5bc224ff85972739d586cf1bbef628f
SHA5125e6beefb50aa51cbcc3e365393d350c5832978dc13ae11e1691cf3ad6c7080b366412d9ef9d46532f75f105769971463e012b82ff8a90348dae47ff5892a391a