Analysis
-
max time kernel
55s -
max time network
57s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
30/03/2025, 19:32
General
-
Target
6a12b7b86fb3369ae75a7bd341c724966ad43c5676d2e9b3f3c26ebece98239e.exe
-
Size
202KB
-
MD5
58cbd85f2fbd496c5f20712abb786080
-
SHA1
928506d27698894e474ef6b383e85539ba716c5d
-
SHA256
6a12b7b86fb3369ae75a7bd341c724966ad43c5676d2e9b3f3c26ebece98239e
-
SHA512
d7bdcc44dfddb5d70517d093064a5b5a5a3e8685237b3283635b3a54c32cd21c16ab1c60bebc054cd1102b95c199099b7e09cba315886f469cfd28aad74d7846
-
SSDEEP
6144:C5fSPMV7aesVbUsMlfyPKko2Jp/sjB+lHYztGVkglWG:C5fNdsKsMVyPKL8pkjB+l4zQVcG
Malware Config
Signatures
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a12b7b86fb3369ae75a7bd341c724966ad43c5676d2e9b3f3c26ebece98239e.exe"C:\Users\Admin\AppData\Local\Temp\6a12b7b86fb3369ae75a7bd341c724966ad43c5676d2e9b3f3c26ebece98239e.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=6a12b7b86fb3369ae75a7bd341c724966ad43c5676d2e9b3f3c26ebece98239e.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ffe7450f208,0x7ffe7450f214,0x7ffe7450f2203⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:33⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2540,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=2688 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3528,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4852,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=5008 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3788,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3780,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5468,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6256,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=4332,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6252,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6312,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5108,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,11706357932183741943,3146266555083712440,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:83⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=6a12b7b86fb3369ae75a7bd341c724966ad43c5676d2e9b3f3c26ebece98239e.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD501cc3a42395638ce669dd0d7aba1f929
SHA189aa0871fa8e25b55823dd0db9a028ef46dfbdd8
SHA256d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee
SHA512d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41
-
Filesize
3KB
MD5fe978bdca994ce22efce28f06321c3c8
SHA191d3a27741ea31d38740bf081bd995e503e80eb0
SHA256f380b388c12ea7a9a704e0e93bf1b25539663ec2b736bc3330598b6486222b0b
SHA5121c60b7472f8dec8d6f9476a661efbfc02c83ea4d4d74d33ee90f933ebcc2aaae5401d2374a539e937b8264b891d948c60d1b52b84b68a832a7638ece8301f942
-
Filesize
3KB
MD57b7d4ecc1f0ed007bfdce1d9f81b8b92
SHA113275bfb34636aee9e620f2e8ebde3a892b7ea43
SHA2564a4404d2891e0f4c85515f0b6349c91b239416ca63d2c275a593cbea8b8a382d
SHA512a47896c3b9f9566aff731274279ef96626ea50a06e579b5534f0e02fb9ff58a769df29404f7d2a6e44ab9eb0029b22c2b39c9698d55edaaeb3d29210d34f7203
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD503d9f8c8d54ab02a4e40480bffb06aaa
SHA12fe2bea679845b0d67505032efdd1d9986157e16
SHA256b1038217a35b7abe7e9cff3ebebd7253a3184d1b83934d707afbc3afc4779f00
SHA5120560c5d6a09343581cf6b8e4d9815c5fa2c59d6a8d9c253c2085f62ca40e68e6cf35166f90290ca5768cf8521502e27260a65e93ac8f28758c6ad0f6b2cad85a
-
Filesize
36KB
MD5b0aa6eeaa27afc0b4ad3014c34cc1494
SHA12ef7e5b1a93a1b1002eb2b64edc258c91f15ca91
SHA2568e40ccef3d0552e1960f93471ec35c78bef1be44e81d75f33d06ca44f6e159b6
SHA512506b82726cc6ee1312b01d29fdabbd77bda7acd0ea94c2fb656d5e22673c21c756c03e8f7c79dc2ba746f43ae60563fef333914cc5986dcfd60d70a77ac09a40
-
Filesize
22KB
MD5de730380bb097d4e9f3ccc1dfc107130
SHA1854d9bf9c7b99d51834f05d32d0891c03595c53a
SHA256c986bfc4b8cd261c163104115f3bf11242d2b9f523ccd2e580c5b58dde204845
SHA5120cd668fbad29fed8afa516665d54c8ab155337fc889f92236efb1d95292992d8b043e7bbad0b892ba287e85f2464a5782859ae5df37fb332bcdf7dce6622c9e5
-
Filesize
40KB
MD501fc1cee06c2c21ca3591fe18e845780
SHA1f66dd3a1bb0ecd20db444daa2890c4deb8c20f04
SHA256ae02d6b425936afa5017919c5fb58ffee35bd497d29fda9437fe416e771e7816
SHA512b83e5e78ad937f4b344dd6a3db98c737e0fb4e19fbc0eafd039e8e0f9314261fb23a7193fccae2f2a3f662d3b6a4dfd4b325497b982af7cca33d5a6eab543c23
-
Filesize
41KB
MD5bc3691eea9244ba91ab4cdcf28a048ef
SHA1a1ff4870a10db6aea6cfbe98a517a17ca033777d
SHA256823bf519804f9f9a7e115753b41e1c05b20c61b6b57e5ebddaa28b0c963e7c65
SHA512ef4c84e45b90d7bca70ffd32858122f98a056e6c5b8aef9a36d575023d18d27e44e77da4919435a20c860be7534fa70b841f00bf746079015ac235046a1bd3a9
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
2KB
MD54909bf44d0de25b87a8c5919a8a1e7f6
SHA176a8a0dbd35ecb92d412f3b20e2ad1ee15c651ae
SHA256342e736c90a084194bee5d044e8c24697ad1d19c9a3faea1171d68d1534b31c9
SHA51232ab212fcd19f26bb312fceeb00de6844c0ae0c3ee147e89f0a8acec40f25bd54b3bc16cec09e359107ef6452c2627850eda30769df912ec0529ae5351f8cb09