Analysis
-
max time kernel
10s -
max time network
12s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
10/04/2025, 15:51
General
-
Target
https://emails.microsoft.com/dc/0ZMHDudPdRaB3JRbwi9KaYlOKyExhPfQo7Am6W1-QN4k9PF1H9DTj5kN1JZ9QWw7Jlgb8scxWaqf1-5T3sOR_BzAQrn60vCqA_uIL1vbLPRP6N3m2pztt1Os6HFd_DZj/MTU3LUdRRS0zODIAAAGZvypnXd_kQfHZzU7_00B8pYflBQ8c8qatmjxoJY82D9xljWo3UYyJQ0qMQRsaIYsqhW_5vmw=
Malware Config
Signatures
-
Detected potential entity reuse from brand MICROSOFT. 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://emails.microsoft.com/dc/0ZMHDudPdRaB3JRbwi9KaYlOKyExhPfQo7Am6W1-QN4k9PF1H9DTj5kN1JZ9QWw7Jlgb8scxWaqf1-5T3sOR_BzAQrn60vCqA_uIL1vbLPRP6N3m2pztt1Os6HFd_DZj/MTU3LUdRRS0zODIAAAGZvypnXd_kQfHZzU7_00B8pYflBQ8c8qatmjxoJY82D9xljWo3UYyJQ0qMQRsaIYsqhW_5vmw=1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7fffc0cdf208,0x7fffc0cdf214,0x7fffc0cdf2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1768,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Detected potential entity reuse from brand MICROSOFT.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2164,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2504,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=2644 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3420,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=3432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3436,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4744,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6020,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6020,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,12621750686923404925,13712421541273757928,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5df2d1721cd4e4eff7049314710dc7c11
SHA1f5aed0158b2c0a00302f743841188881d811637a
SHA256ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93
SHA51211fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
17KB
MD5ca22881e75cd6242950f31f16ca5733f
SHA1fb07cf3e23b139de96cf68d920c2c8485b92d52e
SHA256aaab7405566d55fe46ef3a44c8898264fa4827494fedf7905f07cdf976e3b3fc
SHA5122cfcc1f33a25441822ec6807b09f66976c843f75f95d2f4da14f04d56edfa3bb801685ccfb993a00a30e459ae01944079cc9af8ecba4013a0ffd4b939c64d683
-
Filesize
22KB
MD5a878955763ad06c5e0a326ecb39f28c7
SHA1f6f41545d0a16a789c7d0a8bf2937f874bcb3955
SHA256f6c12d42cecd417deae9e1a1975afa0ed069d89d55ded8c05cdb8c61c18ad2ee
SHA51243b5cfd33cf6f63d136b7d757def792322fdc15fee15c4a116376be9aaee101343a567d55490b9f6640e3037ffb836c082e65e25556259cab279f0918a48dad3
-
Filesize
41KB
MD50ecfaf99683910efd5f5338b3d9df6e6
SHA1635277dd1a756915e3523a89061283982948facf
SHA25644be8856247119de406747faa72cbf189b627aab726ed94e4ced7bc34b6e35d8
SHA5128c2965e6ae6a0e64a6b6700e3013a9ef8c1315b15c79e58168344fc94e30ea570a9467363133d29034982f8b01c95bd365e09a56659f5181dc04d66fa5e81f5e
-
Filesize
40KB
MD581ab18d3eb9cf2a305aa74157b79e6b3
SHA1f9d8b9a3d57a974b17d5a5d5d09faf2bf5033b5f
SHA2569856bac7ba258e244d008756ab3b79eface916b869249af688b0ca4aa7a795c5
SHA512638206811a7718a2ca9e14a9ec0b36bd62b0bf48edab7e50ceb478e6043d48247fd4bb1de0f3ca943c635d16a7598aa11b98fa2e288067839a7006686136023d
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
2KB
MD5476635b06d74ec15948e0bea74c7b036
SHA1150869a5cfbc1511597ff845bdd313b203dad69f
SHA256dba2be18f4bec9b097ba1711064cc6a9bcde0c96a289b41720d52b315667d4c5
SHA5124e92012babaca5c30becb3d54bb4aa6d3654be1829f1fc8f314d819109f2ae0bc5c95580f5b711abf5f632dd522623fe8d864a05dbee1b91e021cbffbd3858c9