Overview

Submitted samples (score, sample, platform):

Score  Sample                 Platform
10     Malware-1-...30.exe    windows11-21h2-x64
10     Malware-1-...40.exe    windows11-21h2-x64
10     Malware-1-...32.exe    windows11-21h2-x64
10     Malware-1-.../5.exe    windows11-21h2-x64
10     Malware-1-...91.exe    windows11-21h2-x64
10     Malware-1-...ey.exe    windows11-21h2-x64
7      Malware-1-...ad.exe    windows11-21h2-x64
3      Malware-1-...ti.exe    windows11-21h2-x64
5      Malware-1-...an.bat    windows11-21h2-x64
7      Malware-1-...an.exe    windows11-21h2-x64
5      Malware-1-...ve.bat    windows11-21h2-x64
7      Malware-1-...ve.exe    windows11-21h2-x64
6      Malware-1-...ya.exe    windows11-21h2-x64
-      Malware-1-...re.exe    windows11-21h2-x64
10     Malware-1-...ry.exe    windows11-21h2-x64
10     Malware-1-...ck.exe    windows11-21h2-x64
3      Malware-1-...he.exe    windows11-21h2-x64
10     Malware-1-...op.exe    windows11-21h2-x64
7      Malware-1-...rb.exe    windows11-21h2-x64
10     Malware-1-...ue.exe    windows11-21h2-x64
1      Malware-1-...ng.exe    windows11-21h2-x64
6      Malware-1-...kt.bat    windows11-21h2-x64
7      Malware-1-...o3.exe    windows11-21h2-x64
10     Malware-1-...ey.exe    windows11-21h2-x64
10     Malware-1-.../m.exe    windows11-21h2-x64
-      Malware-1-...o3.exe    windows11-21h2-x64
9      Malware-1-...32.exe    windows11-21h2-x64
10     Malware-1-...nf.exe    windows11-21h2-x64
10     Malware-1-.../o.exe    windows11-21h2-x64
3      Malware-1-...B8.exe    windows11-21h2-x64
10     Malware-1-...ig.exe    windows11-21h2-x64
10     Malware-1-...rv.exe    windows11-21h2-x64
Analysis (score 10)
- max time kernel: 854s
- max time network: 861s
- platform: windows11-21h2_x64
- resource: win11-20241007-en
- resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 16/01/2025, 13:33
Behavioral tasks (task, sample, resource):

behavioral1   Malware-1-master/2530.exe                    win11-20241007-en
behavioral2   Malware-1-master/2887140.exe                 win11-20241007-en
behavioral3   Malware-1-master/32.exe                      win11-20241007-en
behavioral4   Malware-1-master/5.exe                       win11-20241007-en
behavioral5   Malware-1-master/96591.exe                   win11-20241007-en
behavioral6   Malware-1-master/Amadey.exe                  win11-20241007-en
behavioral7   Malware-1-master/Download.exe                win11-20241007-en
behavioral8   Malware-1-master/Illuminati.exe              win11-20241007-en
behavioral9   Malware-1-master/MEMZ-Clean.bat              win11-20241007-en
behavioral10  Malware-1-master/MEMZ-Clean.exe              win11-20241007-en
behavioral11  Malware-1-master/MEMZ-Destructive.bat        win11-20241007-en
behavioral12  Malware-1-master/MEMZ-Destructive.exe        win11-20241023-en
behavioral13  Malware-1-master/Petya.exe                   win11-20241007-en
behavioral14  Malware-1-master/Software.exe                win11-20241007-en
behavioral15  Malware-1-master/WannaCry.exe                win11-20241007-en
behavioral16  Malware-1-master/Win32.EvilClusterFuck.exe   win11-20241007-en
behavioral17  Malware-1-master/apache.exe                  win11-20241007-en
behavioral18  Malware-1-master/butterflyondesktop.exe      win11-20241023-en
behavioral19  Malware-1-master/crb.exe                     win11-20241007-en
behavioral20  Malware-1-master/eternalblue.exe             win11-20241007-en
behavioral21  Malware-1-master/fear.png.exe                win11-20241007-en
behavioral22  Malware-1-master/getr3kt.bat                 win11-20241007-en
behavioral23  Malware-1-master/iimo3.exe                   win11-20241007-en
behavioral24  Malware-1-master/jey.exe                     win11-20241007-en
behavioral25  Malware-1-master/m.exe                       win11-20241007-en
behavioral26  Malware-1-master/mo3.exe                     win11-20241007-en
behavioral27  Malware-1-master/mo332.exe                   win11-20241007-en
behavioral28  Malware-1-master/mysqlconf.exe               win11-20241007-en
behavioral29  Malware-1-master/o.exe                       win11-20241007-en
behavioral30  Malware-1-master/qOA7iZJcoB8.exe             win11-20241007-en
behavioral31  Malware-1-master/rig.exe                     win11-20241007-en
behavioral32  Malware-1-master/sserv.exe                   win11-20241007-en
General
- Target: Malware-1-master/MEMZ-Clean.bat
- Size: 9KB
- MD5: bbae81b88416d8fba76dd3145a831d19
- SHA1: 42fa0e1b90ad49f66d4ab96c8cca02f81248da8b
- SHA256: 5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
- SHA512: f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368
- SSDEEP: 192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
    pid 980  Process MEMZ.exe

- Command and Scripting Interpreter: JavaScript (1 TTP)

- Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).

- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
    Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  MEMZ.exe

- Enumerates system info in registry (2 TTPs, 3 IoCs)
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

- Suspicious behavior: EnumeratesProcesses (12 IoCs)
    pid 788 msedge.exe (x2); pid 2092 msedge.exe (x2); pid 4660 msedge.exe (x2); pid 2156 identity_helper.exe (x2); pid 4768 msedge.exe (x4)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
    pid 2092 msedge.exe (x10)

- Suspicious use of FindShellTrayWindow (25 IoCs)
    pid 2092 msedge.exe (x25)

- Suspicious use of SendNotifyMessage (12 IoCs)
    pid 2092 msedge.exe (x12)

- Suspicious use of WriteProcessMemory (64 IoCs)
    Distinct rows (description, pid, Process, procid_target); each row occurs several times among the 64 entries:
    PID 4404 wrote to memory of 3276   4404  cmd.exe     78
    PID 4404 wrote to memory of 980    4404  cmd.exe     79
    PID 980 wrote to memory of 2092    980   MEMZ.exe    80
    PID 2092 wrote to memory of 1448   2092  msedge.exe  81
    PID 2092 wrote to memory of 4524   2092  msedge.exe  82
    PID 2092 wrote to memory of 788    2092  msedge.exe  83
    PID 2092 wrote to memory of 4308   2092  msedge.exe  84
Processes (process tree; [n] is the depth in the tree)

- [1] C:\Windows\system32\cmd.exe  PID:4404
      cmdline: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.bat"
      signatures: Suspicious use of WriteProcessMemory

  - [2] C:\Windows\system32\cscript.exe  PID:3276
        cmdline: cscript x.js

  - [2] C:\Users\Admin\AppData\Roaming\MEMZ.exe  PID:980
        cmdline: "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
        signatures: Executes dropped EXE; System Location Discovery: System Language Discovery; Suspicious use of WriteProcessMemory

    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2092
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
          signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:1448
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda8f13cb8,0x7ffda8f13cc8,0x7ffda8f13cd8

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4524
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:788
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
            signatures: Suspicious behavior: EnumeratesProcesses

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4308
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:904
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3356
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4120
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4604
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3620
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:780
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4432
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4896
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4660
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
            signatures: Suspicious behavior: EnumeratesProcesses

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe  PID:2156
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
            signatures: Suspicious behavior: EnumeratesProcesses

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4612
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3884
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:4768
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4904 /prefetch:2
            signatures: Suspicious behavior: EnumeratesProcesses

    - [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:2684
          cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download

      - [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  PID:3376
            cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda8f13cb8,0x7ffda8f13cc8,0x7ffda8f13cd8

- [1] C:\Windows\System32\CompPkgSrv.exe  PID:4544
      cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding

- [1] C:\Windows\System32\CompPkgSrv.exe  PID:928
      cmdline: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: 1fc959921446fa3ab5813f75ca4d0235
  SHA1: 0aeef3ba7ba2aa1f725fca09432d384b06995e2a
  SHA256: 1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c
  SHA512: 899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

- Filesize: 152B
  MD5: e9a2c784e6d797d91d4b8612e14d51bd
  SHA1: 25e2b07c396ee82e4404af09424f747fc05f04c2
  SHA256: 18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6
  SHA512: fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

- Filesize: 215KB
  MD5: d474ec7f8d58a66420b6daa0893a4874
  SHA1: 4314642571493ba983748556d0e76ec6704da211
  SHA256: 553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69
  SHA512: 344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5: 9e3fdff46d802262b68534794377d4c9
  SHA1: 1ed40bc6d084356d441071351b1f1a6f321fdbaf
  SHA256: 0af6a6fd568913e6ef710abd939204d14155fcda79901bac4677b85bdeb9b7ba
  SHA512: 1c8cc23d889bde8e9bb8bb9c632ed1ade6205eef1f6e5e4328b71c2c66e6c1078a28708e77f2f3e13b56b3b7048577536ceb7479827b8970729631a8cd0ea8a3

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: eafe9ba4d6c32c09020753d1ffea9ffe
  SHA1: ea2a2839022704caa8954d055e996e2930b028e6
  SHA256: 6d6f823e64d87171775bd0f81e8d1773466b36a17dc14318d28bc5f93e24aaad
  SHA512: bbf048f892cc9e39048301eb435c68737ad554a1384cd580892b59db7b59542a0a25ead7c289b4c19aedf501cd4f06977b89d796629f384acd87025822bfc8d1

- Filesize: 815B
  MD5: e809e0ee7b6f058d03fb122d602bf02b
  SHA1: a6383d25c412651743336ec15c678b547d1a7c8e
  SHA256: 8b225d0c1dc042e9539492930183c37303839322067bbd6e378d89efcec20fbb
  SHA512: f60f623b9965298ebf8377bbaaf8ccbf3c35a493a7ac9ae70bff9ea6733629ec0cbcacb223c8625468c16c8c613382e6a67c347ee96552ba709a2cb2fae32a03

- Filesize: 815B
  MD5: 3238bcad307808895a0178ea31427c33
  SHA1: ef48ba25dc1d1ffe9d1eadb1f4420db11e9867c8
  SHA256: 4fa3c17b08e15713b73e7106269808a0ffc73b406012d85da2da549d45b8a0a3
  SHA512: 2663d73c3142702b5356998481c1d03e3e60f513c15836d22d37fd3a004d864f505a63edc4af963206de1f8a27abe0e0180edb5643a7ee5ae27122ec3443fcaf

- Filesize: 6KB
  MD5: 9f5036b78f4395420283f3603a8940d4
  SHA1: fa996e68653a7a714d4b14800ad236d467c58396
  SHA256: 504646c6f96bb6c7cda6ef216d20857a080323ca3fcc44fc8ac2991c44170aef
  SHA512: abfb7dcf70a721a94d0b016c3d02cb1f8359cec90c2fa7704ec47768d49cb87a52f2c026c20bc9d5767e2d21c40da283f724cb8b382ed332822c9f05766a41a3

- Filesize: 6KB
  MD5: 13d9b3ae7cb6b6c2cce09ae83a3db3ff
  SHA1: a7371a0835a61b146c2ded6e2335ca98abd5896f
  SHA256: 7a80fcdca3375c76d58ea18a003c5ea45acda32778560f62b733d3d9eb9b6638
  SHA512: 0a69e5be5b6078174943c9d7f9892f335402decb0144c6b74b72ae1fab05721a29038ad914eef4734d6c35b75d9e946992bad9fd20309cd7d29fc2bbe7c6b96c

- Filesize: 5KB
  MD5: b9dd89e4c4c6ccdc13c940bee3da3680
  SHA1: 82692c1ebecf231a82863a90bb4f5957a558f2e6
  SHA256: e3b40c42f5fdb49c64054020138e7a659818320eaffb1b0894f9a73abd37251b
  SHA512: a01de26a24b049bbe4871b9cd00164a57c15e8a8d14b2bbd3f78b62cc756b58690d43993e5ae72a000ca2c7c547f06b3e2dd5c49a4fa5536d048ccacb474c528

- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

- Filesize: 11KB
  MD5: baf6f80042232640247e3b98f4a9ca9a
  SHA1: f7823af27473149430139f3da16e6d31f3480586
  SHA256: 4f854b7cf7eb9bc8d774ec9c7c4c246b8d2649398abb683bf3ec13d0182aa086
  SHA512: c3f44e19e4af57fb6b8a33af1b01f89dd4147d58c0cf99de9a5a6de7e39fd1e1989f6671c6f0157fe17070e4a833f0c9a29b6411d18278d42dcac8bf815494fc

- Filesize: 10KB
  MD5: 636d4e5f7a2f0dbfb56531751531aeb3
  SHA1: 1e046dbe55d79b740ab512fe694699bf4864dae0
  SHA256: d51d149dc8dcb8359c80e3426bc18a1f4bab377cfe7fde6e32ceada7b8a5edc6
  SHA512: 07259d23479c991c53bd92a710d6519d6e420f944ad83d65f236f2e4cdcfcb4b2e4e8f36776d30f5495ffbbbaf7110defa42ed2666793025ff6329f81c89b11e

- Filesize: 10KB
  MD5: 19e3de2dda464f6a5557caea711b0dcb
  SHA1: 10d3b3238d91083a988eac1dc72d93c291bcb339
  SHA256: a7b82fd4748cfa608026a5cd1580642c832e74853da340a7cd381ea7b44a7281
  SHA512: 1e427b9c945cda2bdfaebbfda3921c21530d7ab247140d191bfedc5cb24e5adfaa6f0f9f50d5dac65a13800a5571d1543562d5884b8d30774d2564adc3dc694e

- Filesize: 8KB
  MD5: 5ce1a2162bf5e16485f5e263b3cc5cf5
  SHA1: e9ec3e06bef08fcf29be35c6a4b2217a8328133c
  SHA256: 0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43
  SHA512: ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

- Filesize: 4KB
  MD5: 20e335859ff991575cf1ddf538e5817c
  SHA1: 1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee
  SHA256: 88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf
  SHA512: 012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

- Filesize: 448B
  MD5: 8eec8704d2a7bc80b95b7460c06f4854
  SHA1: 1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326
  SHA256: aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596
  SHA512: e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

- Filesize: 5KB
  MD5: d2ea024b943caa1361833885b832d20b
  SHA1: 1e17c27a3260862645bdaff5cf82c44172d4df9a
  SHA256: 39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76
  SHA512: 7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

- Filesize: 12KB
  MD5: 9c642c5b111ee85a6bccffc7af896a51
  SHA1: eca8571b994fd40e2018f48c214fab6472a98bab
  SHA256: 4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
  SHA512: 23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c