Analysis
-
max time kernel
218s -
max time network
220s -
platform
windows11-21h2_x64 -
resource
win11-20241007-en -
resource tags
-
submitted
20-01-2025 23:29
General
-
Target
https://virus.exchange/samples/21916971
Malware Config
Signatures
-
Detects MeshAgent payload 1 IoCs
-
MeshAgent
MeshAgent is an open source remote access trojan written in C++.
-
Meshagent family
-
Downloads MZ/PE file
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 36 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 32 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://virus.exchange/samples/219169711⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd36633cb8,0x7ffd36633cc8,0x7ffd36633cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8960 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,18066147200321249425,14014627068509819556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7840 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k SDRSVC1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD53d68c7edc2a288ee58e6629398bb9f7c
SHA16c1909dea9321c55cae38b8f16bd9d67822e2e51
SHA256dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b
SHA5120eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f
-
Filesize
152B
MD5c03d23a8155753f5a936bd7195e475bc
SHA1cdf47f410a3ec000e84be83a3216b54331679d63
SHA2566f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca
SHA5126ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41
-
Filesize
1KB
MD51559123723858af8d2afbff1583f0d1a
SHA1ace281a43df8b8160773d5f77befcab3cb98e338
SHA256aa71bbe0b188f8790c3fa95a5eab15e328ab8db08688f8aa97b9ef9b33db3e03
SHA51258920906bbb22b991ad8cb19f950673bd3a2bcd43ebd4a17b664721a353c5fcf2ce7bf8145294bedaaaf5d95bb89232b5c00906b9ab1890301f4b76872e5c328
-
Filesize
1KB
MD5155aa0026c07f216657a62c306305a43
SHA179035cce345831c31225e679f28b81c9744f53b0
SHA256016902d269cfc5a3a702bc12b653f123982b413cb36a89b8345f018bddef960e
SHA512c1ba552023f5400359d5e847fb3dc8ee989a670d2601a7e568967e4c444148eaea58328c22cba309fbd5753fcb45019d984df47e9fab2ef3bb38cb7ec2bf1d1c
-
Filesize
12KB
MD5eae5e009124492cfb99d5f4294f0aa92
SHA1e3d47d70824a59b18776138eb173daee15daed94
SHA256c1b935694460ac1f4b6d6c5b86753b66a949de08989755f71d26a93936c99e92
SHA512c0db9b853ebead752f0fd1e5fd6ab58f7862346c0978671232d0f6fbd4914f27b8c3a501d31470087555b517c5a30b4a64d3f77f8175b47ae57588b5bff848c7
-
Filesize
12KB
MD541e10962706327b8199ebbd85579a430
SHA180c65abd748d7daef65c519e5e12e22d6e16bd2a
SHA2564ae69ffc6bbfe4bff9ff4ed63ea81d96ee1a05e5464b83763f9288cff9401bb5
SHA512ffde43a7662bc6469b34eb3569fb79a9c37612123ac34b9a144b7ab2967053b4b4bd00eb64044ff3d3df98da69af801068ef47d69b63fcaf206bb2c79c4fbfe0
-
Filesize
12KB
MD5059099fdf772f4eb522558ebcb58c8dc
SHA1bff271290961d74da2810a650c61b61e780712e6
SHA256c5f0c455db7764cd943ccad050ffa1d71db397c1a04f8cf903523294c412ceea
SHA512c812c8b7061c889e15ab10747aebd8dc1fadaf1efd6544cd5d63f319e1d26ad1f1a7095c1f083ec062b882784e0eee7c7e5919235ff5027558b864908acbc3e3
-
Filesize
8KB
MD55834b431ec51328fba46831762b265d8
SHA19b4b44c7cd3477508385ccc65a237331eb84a061
SHA2568c2d0896001bf407877a84d3b531cb54c7b6d1975066aff81288dfce041384d8
SHA51290f39245ec625c0cd752353ec52bce1c482f78e21bbd170811192d51fd4c0ea20d7399751c9e7e5b6a11d34dd9265ae30ea8b63ed284734128bd6ccce9750edf
-
Filesize
6KB
MD5f961cef2dbb54250f63ad16c45205ee7
SHA12f07473007d71b8d0f26602b40d59079081d547a
SHA256fbfbfe81313445c589fe4bbcc206436811a801c95818064f7b34a4df424d48b1
SHA512bc438562b58e05996ec492f02d611e5b353d6469d88dede2a03be646152280ce616c0fdd0bbd14038dd64b38189a3aeeb455d84d7a721cfb3de1f99990082764
-
Filesize
12KB
MD5c761dc228737a0bc721de7bb9c3e597b
SHA1d19b1d131f965aa76261752b9fc5dc4a18da0c98
SHA256d8571c144aed1fd9ff6257c2a58323c06232bc0241bd5be5454abb00550dbd22
SHA512d470ead23af93d6a546c2606d8debe1168d879ddb25a6504eb561de331d13b8c068303a83aabcf9256d6dbf1291500f0e61a1d7d0aa354c0ea1c3e06e9a09cab
-
Filesize
5KB
MD5214a7d1d647a9696f548965bcc5f1d19
SHA1fa5a911f6d1f4a038cc05ea81d198389950aa6d4
SHA25685fe0b43abb43f45e8539c44b45923cdfa4a1eb7ae4b84ae08dbc82aa9e27dc3
SHA512a12711bffbcdf99b1b52633eca2fa7558a24a7fa1e1f8a459c72c1e57fe74feb123a9122620bdbb6d49edf0d49538e95cd41e373381c9158c0865d64142a8fb5
-
Filesize
3KB
MD5d7cddc1fd777c0a57eef4076a079dace
SHA16ce2524bded3c5fa34a13b0d53c111155306f03d
SHA25644f1cb07ede07064a37b5c57ea5510b595298865263ee91328f2fa1476807a04
SHA512ba1f8dfc03d14d5db302f862bb0ae810adea295852cb8ca169bb5152ed46030ef8dc2b383b95c4c49d961ae461c24cd230530fc6ea8fdf333bfd6f54ff0e0ba4
-
Filesize
3KB
MD58aa71d446f2b9ed9f7f54b8f36d690cf
SHA1133e7da3ec3a52fee3872bfd60a5812c069261fb
SHA2566453b32e87b50f14c2551ada4912a2f4b25b39f421c85b445165de7781e4c393
SHA51264489542843cfdfce2651742221887568c328d04300025c31a75e805574851dba9d09010946e0b8bcf0a9e40afb6d9d4df53f69a558aa8880746dbd8dc71adfa
-
Filesize
3KB
MD5d42f8dbf5dd6fdb55c4731540cec02c0
SHA136985aa6e9ba1d146a3b1cfcb89e94f6b6f1e1d2
SHA256b1488b1f6b288994dd6dab36ed933e793e461d238fac363d1753a40824cef955
SHA512e2197cd71fb3c026404cdee02ad1b555957d4bdbb606665082f02edf71aeb72bb8fb8617633bf4b5ed23e94439b9acd15a2ef6635c31e256b1936abd959f3697
-
Filesize
3KB
MD5c4c37a5e0cdf54065966a00b83ceef78
SHA12550fb0877be961b318bf3744a127000a792552f
SHA2568921a102d97dda41b423d8fd618be9e3f2f2964788a6e617750a060df8bc8a6c
SHA512c5f6684087260a9dc244780f8d1d62d65deccf79c410f468b6972296130e0147ed85f26979c23dad8286eadc444f84ddb86ac811d03a46637fd422c7160c821c
-
Filesize
3KB
MD5787ddea4539b7325143daa8a3d1600a6
SHA1f904f6478739eb77635b1d82428f92e68d65e8d4
SHA256b91be5cb76a5fb23dfe634ff5127ad308e9f840059c2389f5e81763b91c27137
SHA5128667e49685823bcb462c30a5c2ccd5676bfcb4c5c0d78af240ee410af0d29e42305e2e19ef13302ea1bd1acdfaea582f884c0e0474051ac1e94e129251374c05
-
Filesize
3KB
MD5dc05a5e8a543eaf9907e91a96e0ad1bd
SHA11c9971cb81954138c74e5933f9c4f4582d72bce5
SHA2568589d252bab53498e6571352b0d21a8cb36e4533fede61fadefbe359608d4358
SHA512b9b89e284fd49ae1a6bfb5813592bb3adad589107222d4bd83bec9e0799c5c91a450d9c47b5e94769d5edfad61d12860ef50e4a1aeb65cf7e26f52ef43015147
-
Filesize
3KB
MD511dd2258c88f07f1efcfc8ed534c72fc
SHA1c1875e0063001ac564b07abd7a53bf100b1d6994
SHA25656f363b05315421a89bff74f204150e20bc3575f51fe63012f5c4d6b1800088d
SHA51254447cec58a42beb64cf3b3d5560368cf5966e3d0120c347c2cfb99110fbe0c1ed1671d3b2173943fd501c10ea7a53cfea62d015883b564f254f1cadb6918e9d
-
Filesize
3KB
MD5e4945a6c754c3b30472fc6914582dd62
SHA110bbeaff8673b003b0b19d6736b09864afa7e581
SHA25623ada8e417a808b9d1bf02e4d8734a596e536dd28323620d804aeca41e37d141
SHA5125ba57871575213be33f90208f1a5f1d2429c762f86966d9b54b98e26ce38f75492fcf4641d5394c66f37cfa3e8d48f85b816c12266e824e2006e1fee68a708e9
-
Filesize
3KB
MD55a3db963a9ed764f162503320b9ed993
SHA18df7822174f18d6ae4cbb65ed9206c734b17cfd7
SHA256447c5362758ad32bbadf5659aab925c6711e62df92e44dc9ae5cf52bdfe0606d
SHA512bdf5271c15af38005819ad34814e206e4779736afeceb8765ef2b7094afd90524f27dc11a4ac1652fcb1c422f462e74900885c9616da1b05072773e9808e6941
-
Filesize
3KB
MD5d5750992aff9a8f7a0e3f69258b0026d
SHA17143c97987b4821a70e8f14b1f81ba20d195d12d
SHA256d60afbca149e0f44afcf0152e728c441e6fda0e8ec914e8f243eeefa85335656
SHA512f583b64f3a4ecb02c2d376ecfe153d80c61c24337f49a7fa836419e32facdbe99f393890f7b9f0eb9845792dc006e7519d45cffecb573c9af15e72097a040f95
-
Filesize
3KB
MD587808eacc6066918ea1694b96452d498
SHA125f5ef9116316ce86413edb4ec211060d5995c37
SHA2563e3dc1a6444853f4d09bb11cadc3b38ac94d6c6be3df06bd8b9024e3317a62b6
SHA512a43515ab0b5fcc8f054a8637d6ab377785aba7610ec6504905b3df2980a207cd4a0a2e98021f9ebdf732c69a12ebc3001436d6b84d835d84eaac886bf30535bb
-
Filesize
3KB
MD54d18811f7f814ca2e0c122c52db7868c
SHA1a80975a225fce53a1bfb65d97fc20fa9767a6bd4
SHA25613669c24eb2a123d7d7745639361612b927e53fe428ba670a6a00dd2d18b4b9d
SHA512aa3db30862110d4fe0dafa13bf0dc10f41f6ade173432b792e59cb2d964ab2335400a5c5619ddd56c28808b414e3cb4ce3b51f2a95afce4a30d67ba6a930e5a2
-
Filesize
3KB
MD5c3cae442422c525f287df81cefe50410
SHA1632a7155e8b031121e711f2e8dd93e17ec9edbca
SHA256efd81126d6671b5278df47a40292521c6de656074e4716ec4e2b4b4d17b686c6
SHA5123cd5457f2a498168b7525c467c682cf361e4aa05930f7c9093090e20de1d54f75d2459a054b3e1a4f1bb047968ea60c845d400c8a137a0af7b1c2cf186f14153
-
Filesize
3KB
MD5e77c42ddf332d6bf7af970f604ac2b4b
SHA1fa7407ae096b13f11d64e4229be2e84f83e57bae
SHA256edd50cef8a1f2d30a24d5eddf0eeb38da52703dd840a13fac161a11306d083d1
SHA512bd0a00e28ff2b5f9b024367bfec309471669fed6434b2f4c309fb0a0a55494811f97521aaef41fd0dc190fbbb67ca410e86a3a6259aed6b7bbf62a0e9ce098e8
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD50b9d63faa544d48cf482b317c929eb41
SHA10a97b8519e48fc530b62ac9312152b5edca7de3a
SHA2563bbe3f6237038faceea7469167377b79c3c01f5ca568a091284637013e60bba2
SHA5123a28772b0b8baab25a3fa747a4bef9b84e17ce8639cf7496f2a0bca79cd2ee88e43da8857cb0b6e151e187c394076a40619c0a9c6cb5148ce4d45dd3bf1b5282
-
Filesize
10KB
MD5b195d0f9a9bb2d5274ebd7b09d28105d
SHA1897d0bbc82ec4d5798e9c2f3fc4cee0b4f347685
SHA256868dee66b51d03237d6045ae0e3c965cb69de7dad2861adf53ef0c2b7aaa518e
SHA51278f1127568972613a8c40e0c7e7fa2e4d74d7c453d57d901100db6d9e6456249abdf3ce0a196e7be8398d25597676d790731b2ca4aa875d42b65399526827ab9
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
3.3MB
MD5490450f5d2f1cb617e02366bc389bb7b
SHA112dec1564aff16bb854a38eda3c9b4db161b408a
SHA25644cdc03e755bf1e7e60b460ab70834f44f7e4e9cb28591ffab99ca1517687ab2
SHA5129bd97a52f7cd46a8099c94a9e5b4a5836a79c0951c8e36b8349f6042a7b41512d3368e5633200d80dd512488ef4926aca9b3f329b51407a872a402fad1f953fb
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98