fad398fd1100f4afa63068f3d41a7c9be46102b9229c8e43ea6335ad59ac55fb

Analysis

max time kernel
132s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O/REPO.exe
Size

651KB
MD5

37e2e7e012343ccef500133286fcbf27
SHA1

4b7e66039d04b14ddcfb580a6e6a395ea52222be
SHA256

1643ff9ed131adde7a22363f26d36308b4b4fb8f9ba61e5afce3b6803c5cb302
SHA512

418dcb69e506f42248c00459eb3fa5a576006fead83cb5372e5710a8e95265654c316bbb314e4b8afa69e393a7cdf01219b7e17095d1990ab418f0aed68c687e
SSDEEP

12288:c/744aOD8GVma8Vk2WbYq5qL7Lp4SKpRUzfBI4xa7iKXS:m9aO/Vma72z9KY7BID7iKi

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
804	msedge.exe
804	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1624	3028	msedge.exe	127
PID 3028 wrote to memory of 1624	3028	msedge.exe	127
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 1956	3028	msedge.exe	128
PID 3028 wrote to memory of 804	3028	msedge.exe	129
PID 3028 wrote to memory of 804	3028	msedge.exe	129
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130
PID 3028 wrote to memory of 4732	3028	msedge.exe	130

C:\Users\Admin\AppData\Local\Temp\R.E.P.O\REPO.exe
"C:\Users\Admin\AppData\Local\Temp\R.E.P.O\REPO.exe"
1⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault22d27dc7hf614h4be0h9a8dhdf8d49a9d422
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0xfc,0x138,0x7ffb24f746f8,0x7ffb24f74708,0x7ffb24f74718
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,12354419268785530877,6289819415476843920,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,12354419268785530877,6289819415476843920,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,12354419268785530877,6289819415476843920,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1bed6483de34dd709e03fd3af839a76b

SHA1
3724a38c9e51fcce7955a59955d16bf68c083b92

SHA256
37a42554c291f46995b2487d08d80d94cefe6c7fb3cb4ae9c7c5e515d6b5e596

SHA512
264f6687ea8a8726b0000de1511b7b764b3d5a6f64946bb83a58effda42839e593de43865dafeeb89f5b78cc00d16f3979b417357fa2799ca0533bdf72f07fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8215e9bd0836b8913892401edf7b75e

SHA1
212c2cc939f2ce7caf5b803b03a95cc2e374b5f5

SHA256
7e4187182629b9e276d3de55ca40fed94f826d50950d2abe86d49f5babb93e12

SHA512
ff95d1f90d1bb46490b58cb4cc9bf3f9d58da2c4fd71381fdacfcdc32015d766b47748eb3f96fc71a6e4c1982a79c348adaa522cc808aa07accbb5412ec449db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
232068b9b611b8f07d2042427338cdf6

SHA1
af8aecfbbd181ac5e7dd929cab089cc70f77382a

SHA256
066ba112c6c1da44e7f7a3cba404e56d2e966212a862ccde72fefbd9cf6c0338

SHA512
c6fd25e8ab2e6c3dc7740da6c84949761f5727bf2e54fe395a8e0e77ed18e342f3ced7d7017b030a2e1d4f6482d70662b1c2550083b49589792cf59e70386177

Download Submit