b6ae167bc7a98a16120698f2f11452449118662dd3f1cc88e6ef7286465b45ca

Analysis

max time kernel
276s
max time network
286s
platform
windows11-21h2_x64
resource
win11-20250210-en
resource tags

arch:x64arch:x86image:win11-20250210-enlocale:en-usos:windows11-21h2-x64system
submitted
17/02/2025, 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Videos/PsExec64.exe
Size

366KB
MD5

9321c107d1f7e336cda550a2bf049108
SHA1

fb0a150601470195c47b4e8d87fcb3f50292beb2
SHA256

ad6b98c01ee849874e4b4502c3d7853196f6044240d3271e4ab3fc6e3c08e9a4
SHA512

5ac1dac5061dd14c1d79d2910c4df6ed059059c7d3f987ebe9790626c327d5fa9c7cdbb4150c004d14750223f33b4fc27fa16b3681371d406c2b715ba757be0e
SSDEEP

6144:o9123sLoT4aK8/A+kVG1FHEpgJEvf6sSMWTk7bjgxdO5mVx:on2ZHk/C6vfdHKO5s

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1808	MicrosoftEdgeUpdate.exe
3952	MicrosoftEdgeUpdate.exe

C:\Users\Admin\AppData\Local\Temp\Videos\PsExec64.exe
"C:\Users\Admin\AppData\Local\Temp\Videos\PsExec64.exe"
1⤵
PID:3496

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NURENzI3QUUtNTkzNi00QUMzLThEMkItQzIzOUE2QTgyOEFCfSIgdXNlcmlkPSJ7NjNFNzU5MkQtQkU5Qi00NUFDLUIzRkYtQUYyNUI2OUU3ODY1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OEJDRTZDMjUtNDY5My00QjA2LUJCNjktM0E2NTdCMzYyM0FFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjciIGluc3RhbGxkYXRldGltZT0iMTczOTE4NDA0OCIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNjU1NTg2OTkzMDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjQ4ODIzMjE3NzAiLz48L2FwcD48L3JlcXVlc3Q-
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1808

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NURENzI3QUUtNTkzNi00QUMzLThEMkItQzIzOUE2QTgyOEFCfSIgdXNlcmlkPSJ7NjNFNzU5MkQtQkU5Qi00NUFDLUIzRkYtQUYyNUI2OUU3ODY1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3RjFGOEJFRi1DQ0RDLTRFNTQtODM4Ny1EQkIxOTk3QjNEOTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtFK3hiQXo2WTZzVTEyODliUzZxbDRWUkxia2pmQlVHVE1Kc2pySHI0NGlJPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iNyIgY29ob3J0PSJycmZAMC41MiI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI3IiByZD0iNjYxNSIgcGluZ19mcmVzaG5lc3M9Ins0NzY3QTlEMi1BN0U1LTRGNkEtQUYxRi1FMTFGOTFCRjA4RkN9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkwLjAuODE4LjY2IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjciIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM4MzY1OTAwMzc0MDc2NDAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSI3IiByPSI3IiBhZD0iNjYxNSIgcmQ9IjY2MTUiIHBpbmdfZnJlc2huZXNzPSJ7MkJFRkJDMEYtNUI0Ni00QTQzLUJDQUUtMjc0MkEwMDBCRTg2fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjciIGNvaG9ydD0icnJmQDAuNTMiIHVwZGF0ZV9jb3VudD0iMSI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSI3IiByZD0iNjYxNSIgcGluZ19mcmVzaG5lc3M9IntCMDY1MTgxOC1FRkNELTQzNUYtOUM4Mi00RjAzQUY4RUFENER9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
340KB

MD5
fae4534b94d0bbe154dc111548962a25

SHA1
00f271fef47b4712c617a8c235419b9dea9ef2f7

SHA256
a5100037a12054fb1bf41e6a38dd9dd2d78151aa1f5ff99ae6ea4f9dd6560617

SHA512
52f7e2d0bf9cdfa5d2e7071a8a1a9fb99b10df129e47de667713d731ef9285ac85cbf82add9947406374f59816e25ea770be49e804947c7e588c8cbb4d810488

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads