293bde3fdfa0643b40d9bd82eccd42e2e30225aec267c2a4e0a5ca8236da6d68

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
15-02-2025 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_fcee730be8140f2aee61745c9a38127d.exe
Size

852KB
MD5

fcee730be8140f2aee61745c9a38127d
SHA1

ca64c73a5828e4492e8c6dd0e747b64e51e30b5c
SHA256

293bde3fdfa0643b40d9bd82eccd42e2e30225aec267c2a4e0a5ca8236da6d68
SHA512

a199adde7d9719fabd576532899b3ffca3e5584cbbccfd5f99bc1512562bf592dc67980c08a4079ea04ba8c1cfb6c9bae434389d7b09ae4b5c3b9e9e97916cad
SSDEEP

24576:+eu3MIZhtf/wZXmM28FeyV2xefthlIWrGJ:+JMkhtfEmN8FF4WrGJ

Score

8^/10

defense_evasion discovery themida

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
39	1324	Process not Found

Executes dropped EXE 2 IoCs

pid	Process
1364	setup.exe
1816	setup.exe

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1639772215-809007892-4072230623-1000\SOFTWARE\WINE	JaffaCakes118_fcee730be8140f2aee61745c9a38127d.exe
Key opened	\REGISTRY\USER\S-1-5-21-1639772215-809007892-4072230623-1000\Software\Wine	JaffaCakes118_fcee730be8140f2aee61745c9a38127d.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/4732-15-0x0000000000400000-0x000000000050C000-memory.dmp	themida

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\cy.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\en-US.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Advertising	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\telclient.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\win11\identity_helper.Sparse.Internal.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\lo.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\nl.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\sv.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\mip_protection_sdk.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\MEIPreload\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\dual_engine_adapter_x64.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\en-GB.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1364_1392231476\msedge_7z.data	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vk_swiftshader_icd.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\133.0.3065.59.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\BHO\ie_to_edge_stub.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ga.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\hu.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\SETUP.EX_	MicrosoftEdge_X64_133.0.3065.59.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\es.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge.dll.sig	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedgewebview2.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\oneds.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Temp\source1364_1392231476\MSEDGE.7z	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\eventlog_provider.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\ka.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\or.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\AdSelectionAttestationsPreloaded\manifest.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\as.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\msedge_100_percent.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\nb.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Content	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Mu\Other	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\Logo.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\vulkan-1.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\webview2_integration.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\resources.pri	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\gd.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\mk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\pt-BR.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\zh-TW.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\dxcompiler.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\lt.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\VisualElements\LogoBeta.png	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\metadata	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\beta.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\fa.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\v8_context_snapshot.bin	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\canary.identity_helper.exe.manifest	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\pwahelper.exe	setup.exe
File opened for modification	C:\Program Files\msedge_installer.log	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\EdgeWebView.dat	setup.exe
File opened for modification	C:\Program Files\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\elevation_service.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\identity_proxy\win10\identity_helper.Sparse.Internal.msix	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\km.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\MEIPreload\preloaded_data.pb	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\prefs_enclave_x64.dll	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\kk.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Locales\kn.pak	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Trust Protection Lists\Sigma\Other	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Installer\setup.exe	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_fcee730be8140f2aee61745c9a38127d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3336	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1364	setup.exe
Token: SeIncBasePriorityPrivilege	1364	setup.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 1364	3452	MicrosoftEdge_X64_133.0.3065.59.exe	106
PID 3452 wrote to memory of 1364	3452	MicrosoftEdge_X64_133.0.3065.59.exe	106
PID 1364 wrote to memory of 1816	1364	setup.exe	107
PID 1364 wrote to memory of 1816	1364	setup.exe	107

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fcee730be8140f2aee61745c9a38127d.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_fcee730be8140f2aee61745c9a38127d.exe"
1⤵
- Identifies Wine through registry keys
- System Location Discovery: System Language Discovery
PID:4732

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NDdCRDQ3NUMtQ0Q5OC00Nzg2LUJFMDItQUYwMDQ3Nzc5QUIwfSIgdXNlcmlkPSJ7MDc0NEU5NjUtN0YwNS00RDhGLTgwQjctNUUwQkUzOENGNzJBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTIzMzBEODYtNTAyQi00REQwLUFCM0QtMkQwN0Y4MkQ0RTEzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI4IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY4ODkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTM2NTgwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDU2MjE4MTQwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3336

C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\MicrosoftEdge_X64_133.0.3065.59.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\MicrosoftEdge_X64_133.0.3065.59.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1364
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6f0546a68,0x7ff6f0546a74,0x7ff6f0546a80
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:1816
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
    3⤵
    PID:4016
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff6f0546a68,0x7ff6f0546a74,0x7ff6f0546a80
      4⤵
      PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
    3⤵
    PID:1512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff78a2e6a68,0x7ff78a2e6a74,0x7ff78a2e6a80
      4⤵
      PID:3340
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level
    3⤵
    PID:4024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff78a2e6a68,0x7ff78a2e6a74,0x7ff78a2e6a80
      4⤵
      PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level
    3⤵
    PID:2120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.60 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.59 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff78a2e6a68,0x7ff78a2e6a74,0x7ff78a2e6a80
      4⤵
      PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.59\Installer\setup.exe

Filesize
4.9MB

MD5
7974a462e10dd857a428088be6528646

SHA1
ffd93dae09f190f9e7aa5c9cc90159043256b5e1

SHA256
ea92238f94c85954a0651e78d93e002d5dc5ca7659e9f631f5e75881938e3cfe

SHA512
d98716b00ffc3ab7931025df45345c194502a9047094692b6b835ad2e241c072c6e1252c3145145e0be2bf0711dc7cb8fd3a41a9a8b6ac4b722630613a3ff6de

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe

Filesize
6.8MB

MD5
1b3e9c59f9c7a134ec630ada1eb76a39

SHA1
a7e831d392e99f3d37847dcc561dd2e017065439

SHA256
ce78ccfb0c9cdb06ea61116bc57e50690650b6b5cf37c1aebfb30c19458ee4ae

SHA512
c0e50410dc92d80ff7bc854907774fc551564e078a8d38ca6421f15cea50282c25efac4f357b52b066c4371f9b8d4900fa8122dd80ab06ecbd851c6e049f7a3e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe

Filesize
6.6MB

MD5
f322390ff3cc8f877e27bd2da6e43157

SHA1
0c94512813fc7ffbff2ec228f7f7de18b8d45a61

SHA256
c8d1150be18e719db610cd9808abd42e0edabc3e0b967d5fb792300415648aee

SHA512
57050b48991cba696e6c6c22de534f3a57f85e140b08dde6b85cf67c19760ff8b7c1c53be99a15f844ffcfd4caed08f5396bab2d3d21fd2eb3314f3df4338103

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe

Filesize
3.2MB

MD5
2b3cbd12b390da6bf74c7e43aac8e730

SHA1
b1a7c8bd02a66fc2aacc5c48d09656c3bc417905

SHA256
6e341bb985f948867c5398500f095c239d23d0b0cca8df12f3dfc667290faa7f

SHA512
2c9de3af24ae15ec53a8d6385e39c65e312bcaeb28d487e52c0881fbcd40a9de648568678c795b44a4874c1acabe74dffab922cd324f46b6cb1a7cb914adc223

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{57584700-497F-4941-BABC-C28F16257485}\EDGEMITMP_74FD0.tmp\setup.exe

Filesize
3.2MB

MD5
854a1b35a2833d042e8c8b72850a94df

SHA1
d92fb870efc274dd57b762ca7e179cb0a6148cfb

SHA256
9636bb27d4832d76815c369f52328def4e3a31156bc69bb4d515c4e6bef16ec7

SHA512
acb2dab908f717e43dfa18f7ef53a18f046cd5b81c0aee86417710f55dea7e027a6bc9af5ceb93eb29f7089da2a79896f91d90a0bff1bfc3cba758cf350eeb70

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

Filesize
1.8MB

MD5
777a6be95b6fd35abd01a95c5f157958

SHA1
d86227a224c3113e01dca63e7e209424dbdffd84

SHA256
3b7ac3793ef2ab018d2a0552a7b1196569bdd475cb9270773fde61e3b2132b7d

SHA512
5ce80aaf2238b93525bda2d8bedc174847ceaffd6047519c7afa7cb589418603440180987ee212bb23443b02cdfafc7b001596630b20ff44b5a5b6696eda25d6

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

Filesize
1.4MB

MD5
be9f7368ed701cba86493934684d2799

SHA1
baf7c21aebb00133dc95cb5b9cb32e01b889ff0d

SHA256
0e5752b7180aea81ce0ea1aa4ec0c6f89cda1f5425f38950d58c3e68ccc4403c

SHA512
301fe56f170aa93c4e0856405341cb15f49c5af3793e24745b25cf0860edd6f1ed7beaa38de98a84fdb416f796ba27f8ec0fe99a2205a3ce86fb9711b062960e

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

Filesize
1.7MB

MD5
81feb8da0e4733c6fa19585fc64b046e

SHA1
2658b8d2f5304e598c8b05763fa864daf8d153b5

SHA256
362a6b7456313b5b69c7532452da835c2e04f5badc1d9ed64d9452ed897c2cf1

SHA512
ada48301ea9d17b7f0a3f2b9624244dff9eb0de3d876fb2ebc43ba95f4e1931558fa2c64ec0a6504429057fac8152c278f22dd6cd46da59920a9d81d4297a4fe

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

Filesize
1.2MB

MD5
9b7cc0673d840f353a457e2a13e7e7aa

SHA1
a9a55f2e68df23a38dc65342ee20375e07c78826

SHA256
e1d1dc62cd4b5303c1ae7116170537d4b33acd2c6d523ed1b4715bef2d714e81

SHA512
3b3cb5f5d58f7741b74cef7659a59fabbb4d61035a4458813a9855afd00e0cc18115fe3367b247ae57d66cc2ca63c726e8d5e007f27d1b8bfc16fdd730dbb798

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

Filesize
1.9MB

MD5
3a298bedc9923f9b6f86668aab781cc0

SHA1
88c5d1b0bb9176d211d74e6c69c3d3dc6e1e1387

SHA256
6399059301ff835ad212a047315f66a48d9c6536bbd42263f521501bc7931bb1

SHA512
7106eef3a6b88fa03ef30582a224b6aa713eb781bd4690052a9a5c2619026fec383a4d5f9cad3c4f66c1da0cdc97819e27ff1becdb5b28f97306e4495c3861f7

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.59\Installer\setup.exe

Filesize
1.2MB

MD5
3f923a53f31b08b416283925b2eb372a

SHA1
cf39d657f666baa596675ffec8217ca8403277b6

SHA256
40ab41260c9617b35520e244b0a26d3b573e471c89e51930de218af657fce68a

SHA512
eed54194a8a0a6c4206ac40e8fb0218343c6471c13b6b436a4b16c81aa89f3ea1c4d2fd97cc70225c039b5165257d6ec96cda6f217af940724c56603d0a10366

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Filesize
2.9MB

MD5
c8712e3fab753ba325cfd500cceba7b6

SHA1
fe2014567a87cfc2c539303028667db320ebe4b0

SHA256
9cc044f3dc107e475584b2defd15eb4bac4127858ec03d30a01f8724e9efb7bc

SHA512
9e4bda526db5bc0d75388790861f263b30ac1eb1e20a942da148d0336a40d559ee992f7c6d59abd3ace8434d2b9f46834cc7b8c21bbd955b591a96bf2c96d898

Download Submit
C:\Program Files\msedge_installer.log

Filesize
74KB

MD5
6516f84b3b50cd8d0ba4879df2c595da

SHA1
33cc1c0d69a2d38336e36575ffa53ce1b5d42941

SHA256
109445d9c0e32bda4d535094296257ce7c14abdfc05429657b13d22b9f7245d2

SHA512
ad200652fa9a8338b047b328095a51449421ce9f0c7bb8b4fc3b5ae59a53957f6eb6e98a9eed80984d9d757879aa5eefcbc4aa6d129aeac7545d601fdde686d2

Download Submit
C:\Program Files\msedge_installer.log

Filesize
104KB

MD5
d701425935ada0d2edadae83cb976f17

SHA1
d944a7d5e7c6a79777e7b0d2adc56ca0b06c41d7

SHA256
84f18554c5a4613a09d504a9b9fda20304f6874ef5530a9bd150cac1fad4e55a

SHA512
b6fc7f424e70f733c6cd38d10f6b17475639290994d72786ffce2263e479dbd366cc484263e5e44d3e9abc75426792a9a98047f95882b32ea68196ad4748197d

Download Submit
C:\Program Files\msedge_installer.log

Filesize
104KB

MD5
84d7d2c00317d6447faef00342cd9ffd

SHA1
3d5a80217bcfc6d9b89411886b4ea98897f7f467

SHA256
39400d3f684da422235a2b400e4c04d8995650143977468077408a5e452d979b

SHA512
df6bcab1a5e7c1cb015142d53cb456ddf2dadda63c728530b681c75e787c038e0b414fed9bd93487294e5b77c77c1ba1651615608d3312dac887761fd9ab7d7f

Download Submit
memory/4732-2-0x0000000002200000-0x0000000002210000-memory.dmp

Filesize
64KB

Download
memory/4732-0-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/4732-15-0x0000000000400000-0x000000000050C000-memory.dmp

Filesize
1.0MB

Download
memory/4732-14-0x00000000759F0000-0x0000000075AE0000-memory.dmp

Filesize
960KB

Download
memory/4732-13-0x00000000759F0000-0x0000000075AE0000-memory.dmp

Filesize
960KB

Download
memory/4732-12-0x00000000759F0000-0x0000000075AE0000-memory.dmp

Filesize
960KB

Download
memory/4732-11-0x0000000002200000-0x0000000002210000-memory.dmp

Filesize
64KB

Download
memory/4732-10-0x0000000002170000-0x00000000021AD000-memory.dmp

Filesize
244KB

Download
memory/4732-3-0x0000000077422000-0x0000000077423000-memory.dmp

Filesize
4KB

Download
memory/4732-16-0x00000000759F0000-0x0000000075AE0000-memory.dmp

Filesize
960KB

Download
memory/4732-9-0x00000000759F0000-0x0000000075AE0000-memory.dmp

Filesize
960KB

Download
memory/4732-4-0x0000000000400000-0x000000000050C000-memory.dmp

Filesize
1.0MB

Download
memory/4732-5-0x0000000075A10000-0x0000000075A11000-memory.dmp

Filesize
4KB

Download
memory/4732-8-0x00000000759F0000-0x0000000075AE0000-memory.dmp

Filesize
960KB

Download
memory/4732-6-0x00000000759F0000-0x0000000075AE0000-memory.dmp

Filesize
960KB

Download
memory/4732-7-0x00000000759F0000-0x0000000075AE0000-memory.dmp

Filesize
960KB

Download
memory/4732-1-0x0000000002170000-0x00000000021AD000-memory.dmp

Filesize
244KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads