Analysis
-
max time kernel
78s -
max time network
81s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
25/03/2025, 11:26
General
-
Target
http://download-app.cloud
Malware Config
Signatures
-
Drops file in Program Files directory 5 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://download-app.cloud1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7fff4a09f208,0x7fff4a09f214,0x7fff4a09f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2000,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2572,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=2592 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3516,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5016,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3748,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3796,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5744,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=5764 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5744,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=5764 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5920,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,17370802183787552051,12076493120378963138,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
280B
MD565044109d1beb8ed8d59560642cbc519
SHA10084485b0aa26069232fab51ee603682e8edfd17
SHA256a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d
SHA51296dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6
-
Filesize
3KB
MD58ef661071b1eeb67bc48bf400a7be3a1
SHA17544270c3049c61109ba0956c04fb53a99a70e92
SHA25674bb5696e315f865a1218ef5dd9415896fa5360940cfeaf5f15d53dd1c540378
SHA51290d72b7820ac79ce312d6395fec1bb165718c02f0e8f345c02333ef0ab9dd7b28f834800fb47a4e556c65887a2edc8636d015229dd875248daca5bc7b2510092
-
Filesize
3KB
MD50d026103bcc1e4e3e3053e442d5f8657
SHA1dbe98fc2ec92ab1e101144338e48295591eb3e78
SHA256443e44a01ee1f2f4652c37f5ce277b80db7fe3b457a668b0afca03f801db0dfb
SHA512e6de03105a9663f731519f4610e22d0ddf18a727d1509e522fd836dbcea9fef3ce1761fc0495eca253fc2b969c93fc4676461d90d69c321c8a3812be18bb4572
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
3KB
MD5c4891e993461209c1a26afbd2e738114
SHA162c3f4062ee0f2ec2c1c806fe2ad80dbe4b5f7cb
SHA256d42bf9a88ad0fbb8928193a76b1c748ea4fb9044cd46de1d2304beab38441e60
SHA5128c229eefa1b0f7879eed4dcb0621053fba9d5eacfe9d726cc7f58a36379a72f524387ed3aabda020a7aa2b5e369f163b09a6590dc5cb5263f34ccff59cf59b14
-
Filesize
1KB
MD5732d52741cc4eddbcaa6cd7ea263868f
SHA1beae6a0586038923ead5f356b7401a185004f77c
SHA256d5b33350842def4cbbbae4cc538e6d56f22f8d0747a3bf4a1b8184111c7f58d5
SHA512fd6f3e62d366a7b4169ad3be7693101fdb6f8d251e9396761e3b3f5cff138e5f13ec600d45b5bdd69cda079c22fe85ed4b8ad188217a2e644d5af6213eba6c76
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD53fece680b7a2a3ab00adf68a39154237
SHA114a051675ebd4f5764f043f931c7119ac4db01da
SHA2562dbe2b1711e79896cbb0b9bfefdd1a48aaa9f54857511a451cbbd9493ec19b69
SHA51212b5706cab17560ab8ceab8680bcce9483b635ea5e9601ff4f602fd8b39f9ebf914ea566fa7b75f1ed69663d70058e201c81b2d983b0b520bfe6b3926458809b
-
Filesize
36KB
MD5a3edc43b956db5427c848f8686c2fa32
SHA18f918176f71f8aff9c7172064708acbb2f48aa1b
SHA2565b191e96dc70f699836b060b503dca090106445d9c8bfb5dd9e17eb6a92e7f4a
SHA512767a2687433fd658f84b73467366360ca5282c6f8f08e369199d4fc8c0ef8636183d499e433c262738528af5f8649d58ad5b2f926762f08828cb393796b6e7df
-
Filesize
22KB
MD50e8bade853d1259abd8ab05a50ce4867
SHA1e786c810098c0ddd8fe60dffa500b6b31fbd14ac
SHA2566a13a64b4f408dd488c3c4586b372718122e2fd98bdc1eae910c3547f10a2316
SHA51201178a0abe21c9e1127151d064ba168401983d50bb7b070fa054c39659db060e2f67dfffabd687fc7e562539667594be84d095fcfbd5c2e13cc0c31d0462390f
-
Filesize
23KB
MD50b1673669c194c1f3e4bed3b6550f3e1
SHA14795a761c2ed69f5b28d49f735154e37f0462c35
SHA256f034e034235be2e9c67fed585e1b619c1c7f1ab6d00cb7b342e36e610dff6fbd
SHA512b3f0e403de290392a0b25d6c96c629450816ec6a5c6dd9866f9b7784f0e3a13e6e787e665e38015eef953be2291f02bb147ff20bbf892c659b46ef1ac00e8370
-
Filesize
904B
MD5e157fc7c5dc43df54a0d985b0641c562
SHA1b933b2a9a5003c1e896a7d45934cdbab1fdded32
SHA256dc616f4a1f3c6d5b585f098bfdc9fd0f179762e2e15bb8603e57b58e310bbb0c
SHA51257fccf010ada086e324e5dd7d6f741084e2ef3ee6e579dcae6df10eb9ed43764a6d2532cdc1cd015adcd918ed9e57e76f4e027e34071c28fe70bdb675dc3cb7e
-
Filesize
469B
MD56b8336d1e409417ecf0fe8c347b51938
SHA1e36489b2ed0f62d5ab785c5a63fa4aecd6597b5f
SHA25684d5afbefe9188f51ea7585191297301d1cbeef914d6aab7b594f6a4ea2f942b
SHA51288aa4c2e8858eef789b910bb6eeccc3da485f706cfdf3bfe275ea04c896a2335de9c1df4fbdb3ddccd5cd7a14828dcaecc1b38fad06e87b8660de9ef38dd9140
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
55KB
MD5ddaf95b50aa6862a671b5f5a77e88e64
SHA116d127d2e00b782b267fc7a0eae88f6412642e23
SHA256e735d067ae4d680793c6e27ab908bab0a57c46208b3e8c83f2e7f30d01f6ed59
SHA5129dd28e00d16ca35da79e640df7391ae3543b25e722d3667b3eef5f2813d7deba09173e6321b69de8d549386bb2b4134f6ef96969a21f0c27e19e4577cf5c2686
-
Filesize
40KB
MD556d951266c2b82ec6a20069ed5bca585
SHA14fe1dfb51d5b6f4e2635955c56f7e9202b806672
SHA2566a193f71c94c36e7025a1b91df5de0f49ee746833d4edb0dcde68fd730b032d2
SHA5126dd05fdae8c7d5fb2d72c68050002410739abf5cfdbba2311bd1b61594ae68a26b6d043ddd71919715de33cb8d2a47e24779237f0c77599480bbf03efd4f063f
-
Filesize
49KB
MD5e6b96e067bcc78b6707d445cc6f5de65
SHA15788fdbd263980f852ec7fc5a63a2537f2ae6d5f
SHA25613f0cb8a55d905ff181876b84b7e3e8ba77ac188a7990dfd413234e782b55e08
SHA512e394f1d43e6f6e15065228f9af423cae8e2addfce66f0856de32dd136bc08b1abfd3ef66824cb875e9a5573d4fe59b31a5131fbd5484286361d8c6fa473cafe4
-
Filesize
2KB
MD5198ec60b7c8aa08ea59e773517b2ff52
SHA1045a24c10f9e30c69fd9dd36d2af6d34eb3d0d2d
SHA256d9adaf6e5dd97525e9d0a4ffd4cda918f3758f7d24ea17446cf408389a69f75e
SHA512134c9c38814c26f835f53c7c276dadec534383fcfb8bffa615bdf6984410a1a1d4ce779adf224287e52e755a3feec130e8f8c0e06123bcdab491f5c069705f6e