Analysis
-
max time kernel
1799s -
max time network
1686s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
08-06-2024 07:58
General
-
Target
https://youtubee.com/
Malware Config
Extracted
danabot
51.178.195.151
51.222.39.81
149.255.35.125
38.68.50.179
51.77.7.204
Signatures
-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot x86 payload 1 IoCs
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request 30 IoCs
-
Loads dropped DLL 2 IoCs
-
Program crash 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtubee.com/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef94246f8,0x7ffef9424708,0x7ffef94247182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5304 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5760 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3436 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5636 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,6412878973652787710,6955491621308118939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"1⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"1⤵
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.exe@11322⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll,f03⤵
- Blocklisted process makes network request
- Loads dropped DLL
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 4562⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1132 -ip 11321⤵
-
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 1362⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3844 -ip 38441⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultefb3fc65hcb19h4592h88a6he960f27c515b1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffef94246f8,0x7ffef9424708,0x7ffef94247182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15107628407076908447,8560077059618609806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,15107628407076908447,8560077059618609806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD587f7abeb82600e1e640b843ad50fe0a1
SHA1045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5059d907-ef39-4850-97d8-fe1d297e613b.tmpFilesize
6KB
MD504d47f7b63016f0200df3a324b07d714
SHA1a7783d3996b2577f7aa4dd70880407a327443d3e
SHA256e26468f7e17b7058ed1b2af7fdd3a4f50156a4a97578fd76c1d247053046bc68
SHA5124866a18d260268b7ea3dd10eb14a2ebb5ad32f5c62046c0135548d0f2e2bbc30414eef3ed1ea27aa6a9471f2d0ce58941cfc43b1fbf4f48033770e439820183e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD51cbf3bf7867b612e0ffd853de4016850
SHA189d417657d539d27d1108b6be856006f259dcc3a
SHA2564b4479df011e66ca75b6b4f64acadf2d48e4ce464d97309a8470c708264ca716
SHA512a0e6482b0ea0cbf3badd3f37723031f6ae99e2a897dbbc65339a66fc61f49d89d6898296f200b9b2aa2cf5e57623e7a4be7ccda22ec24a05f3c9d265faa271d0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
576B
MD545742911fe14863da8e130ceeb7d8955
SHA19c1bcfbb93d922d6920a00117c138559eaa7eae4
SHA256332e4b577022248ab71ca46fb00670c785f5343c79f5240d02fec588a1b4726c
SHA512d358da55764726e52849cb445faefd6efbf0da229c34ce6b74a21a698f884f7913037cb600950d015bb583c2a15eb7c29b7bc4e67e4521d02b2817fc56eb2d94
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
5KB
MD5b83e1af5819c53d53e787a0ee410dd7a
SHA1cb833ed155fbbb8c2f7f7228512a46e3fe6b030a
SHA2565cd1045fbc4c73147c379e2bdcc2903205dd286ab94fafb7740f8fc61222c764
SHA512b5ef2e57e16569dee19efa141e2696ebe8319bd6525edd397ed0960cd8b75ba1096f238c7d4053f59b1944a2209ec0e495c417557571a6fe6ce23620966504df
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD575a74bc4530e484fee04f53e7e334c78
SHA16802eead300f8992baae3b0d24afadc447377ba2
SHA256137a261ae7080b8457acd168e3ca18c70d1b4006c02772490c48ab2dba703d83
SHA512cee20fb04f16395132a4a311eedda15df1d4beeadd79f0ae5113370c1275fe3dc2882bdbf9e97838c750a36d31e2f556cf216bd6684d17d49acc29cd1624960a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5f111cf1a1ca6342b8cb335a0986f38d9
SHA1f35f70e698daf827e5dbdf299ce1463811a7bbf4
SHA25687a3f2c4a0e3bef0f48158ed8458811cadef0a496c5697d969b96d54d095e691
SHA512ea7b475de73aa3e822889da3e77c218c89fe20dcf379d9f517a12c7c722092f2e46ab84c1bc241c046640fb592677cc36599a819f80a95ebcbacfe504b8a6b6a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD57a7557b927a3ff8fff6f0004b2e1aa00
SHA1b60befb7c5a6b6becb4be756a5760d7f77a91dfa
SHA256114739387a9cc6e1e930168c9392bc2215ccfc3a279532a3e9a3b8030f3ea7c9
SHA512af4e127dbc6ea91c09389991ab123388071690100f7cacb5f061a88bc5ea62b905a0db3ec9c56e939981ddce6f40d0d2f5a4dd994e1113fb1044b4d9f678d615
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD561ecfe3ab61fd5de24dbe6fafe469fb1
SHA125c83f67c3c05b487f5dc7810cac589d7a1412db
SHA256658fe56a83ee758fa4305d86a91fe0e2926003a010df6e3773a8f4ae5e7c5ffb
SHA512b677ca8c6f7c880f40a97e4106f042f66692d90fd29816b827fc413e10eecacdf8b6663fafcc2f8807d9ff04801a5605ab5908d30b4f52432eb2dc01dac241ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5b112040702fa6d52ee0ca23a55b5fa1c
SHA13212e13b98e6a39da7f996be6e16f7a4ebb9d990
SHA2569a6ab2b1e544921368df7acaccdf5d7a8fe0966918eb10154bb5654b06d82349
SHA5124085d7104cf969256fea2ade908e59083312bd51ae180a92391dbe3c5093255be0a2eb40d4a3090bf17fac2d46d6ea2b7d4291b4fc96d690381c2d7c9e7a26f0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5f4b9ffc6fed0a24b2af24e51bc3264f5
SHA1f18238cc9fbbf6b151b0512f64de18aa98bc07f4
SHA256b9f4de1ce80e4a5a0664a024c3e58cd643454c131316e7eaa7bcc17127ef2d87
SHA512524cc46a5d4bcf20a40b3d610b3338378bbb9d01ff35d2bc83a20f6fe2d4d20beeef96cd2ab545832627eef00d9f79ce9c3bd44d6995291f7dccd30f2756083a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD578750bf9432b55659e72347c9a318817
SHA1c5eac65d0d07200e5fce8b0d8952affe3e66a71d
SHA256efb29e512c391eea8d2a174d29bda07d8e11ec30eff199419c69214a9d18de20
SHA512763724a695c3157c19a9375734d9e4284616a218d5d325afda2ab2b78c837435545659d3ede20fb08b7185b09d7add1724eb967d51347740f3537366faa14f4a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD55e9d154640bc4d81b88a7e55bafcb2d5
SHA18de103ef519cb3def2ba7714eea79b16021abd38
SHA256085be9da508932409da65e09b5eaae54cff11e8f43c9170d5544148edf3589bb
SHA512b3d35db7147267472c2816806571da9f87b111e82fc1c6b983c53dbb5834dacc8be84546ca34cca0884d378fff94e189e005517606f6cebdb4190d25321d1554
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD5025e482b0e59197fbbc5eb0d686dd3eb
SHA1bac27be271dc594a5c94522a39875de3bdc515e5
SHA256b6068cd28486476235d707b51111d825bccdc2dc134cf2e4bcd4843e975d744f
SHA5126e973c8538a80781cee2111ba9e2ae5155848c46afd49289d774d07c8f8a6b9469ee01a3a0451d24cca8e6f0efac415b368f3cb1090907c151b0b06255fddac3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD5d7a6a45b73251536540431413b670e5d
SHA1390edb5c7d1147b7860a878ce05dfcbd293a92c0
SHA256f7d2379b851af75b5a6ab04ad5ad9824c6732326ae1ab4385f4b8b9aea942f80
SHA51287b7a0afc1c51673500cb610b97b1f037c35844a39aa197d019f6626b51cc2163bcd0f954af233a0db08fb48dad2e8a532f1fe2f93c54567b75e7425304e8da5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5bc8941e11287fd46c432aca21cf7dbd8
SHA1b2158e758910cce4d335affaca9e3973a71522df
SHA2568a7ef815b74560a0ef7fdbc539d9e58a4cc76a8e942d83f63861733dc1fda5b3
SHA512d8b6dcd8f487ac639e4c2b4b48a7d3a96b132838a3968be334c469a067ff653d8498c4093f60e24f0bd687a2f0757a4c57c15b16cf206cdfd0166b6fd2d87f8e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD57eb30a84d532caf48a525273d549f529
SHA19b84c342050f69fcddb9d3e54b14caa2670f3492
SHA256d9ff432163fd4b898c926f33cd57ec8159075fe6086723dad54305194f02b7d4
SHA512cb473cdeb9a244337adce3b16f22a9ceeea1e1689700236574760c274c7724eecf08a0422e1b53724a11e3d0668b9a72b44cdd08387add419a597911d737cb1c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5cd4ef95569cadbc2f18ef6743ce9827d
SHA14414bbf8b627f8a59d6ee95d359fccd5958874d9
SHA2565be636ec347912d2cf61e9f332e9089a79c116776acfedce18baf969ad87bff1
SHA5125beb867bc146026d0352d5a1d45d3b13f7e9c2b94f32c3b2a8e2ac25fbf47f649b37f4558fa0b1dc25dd61db4dc8b32789c32d332c8fb089bbba1b911cd653cd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5b06521224ecbcdc17e45fb8b67ce62e2
SHA1d818edcdbe50192e1ef6f0e6c15d505117614102
SHA25627a83915ae57c130e96c5babbf6cf82e28acb5310010a42a3437ef49d5a165e9
SHA512dc9cd01e175c694a9d4a25d1cea2682a46684bd5983db3fa094b839a2ec2595ec798f5c9013e1ec8b86c3019cd5069f3effd69dde75656eaf69b365c92142751
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD57f1511a52d7d8f5525e5baad82ae7edd
SHA1024c634eaa0152b1ea03167d09d44d92019f545e
SHA256af4c7731aca3ee6fffb57900282d7ab83846b2df9ebd5943f279b3e1b18727b7
SHA51210afb968c1801bfbed50812b16eab025a379dcae717edb813c669e30b4dcd79a209f8840c31b43f9926d6cd086c859115a307e642dd2ebb28ecd5978bd63ea36
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5643b94c22f4092663e650f90fc2c4c2c
SHA1cb8aba1ff356a42ac152e3dfc7d8929330ffadb8
SHA2567163189a88314e1b9f8d444e9c40749821584cc84d9fbefb63441c9cf4ad7917
SHA512f5d8dd3b02793c6062409e83cd87fdc9203bab5e5a7c00c0729d1563c3e7f1313e268a619c992bad6fbc5ddf616f2e705a4fc8a0b93461df8c63c1d5130b68b3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5902e4.TMPFilesize
1KB
MD54158f8129d4e18b53a5514450cb74b94
SHA1b69af4f31fcac9bba72262a89213467506b85dfb
SHA2561bb881ffa7d5449f660c47f6699b956bd380a03e8e94827e35615d8f799557a6
SHA5121a7830a32f93a9141d26a84506e153e6eb19ea3afa1a197229d84c6f75a3247b26ab08a2842ee1f866e6b62ec287ce89ec49af1dcf791b0edc330dcf35afedc2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD544ffa22174fe3898f841b0d693183945
SHA1c1c07cf9233df1b0e806dadc7e08673433917497
SHA256eac2a66c664d0e8d7546dced7af0745a81a8e77708b2f1545242a591a64a14c7
SHA512e70490014adecf8599ab4c2da8f5e09631f7372435c1f2a8eba36891583b97f82ee773359cd7806799dc9ca42c01033574dfa657e323b5a0caf10c8164e9930c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD57d8162a5a403aa72355c3f4c35988773
SHA1cf2c2634d9f8d91914f97dd371258e9673c79845
SHA256b7923277546462e4f26f0b51bd92a5dbf4d1161ecad6c7de34f1e6f886432a8b
SHA512b4e307cccdb5575ea3c962affa984866034c382f039c2d8ae9996dfd7517f8809aafc8040605058b47babf192cab968a904813b0ebadb7b918edc9c669de6a64
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5eda3b0f73c6600744f38d296f23c5e3e
SHA14128a865693c65046f9e8cd04a381551d72ab51a
SHA256ef324b42c9af70b152faf8a365a6c6d6853f7b408f2d6d988dc7db72dd3ca15d
SHA51263087a9df9965609ed535401bfdc71b677183c624d925f3227a198c8835adbe94983de2271523eefbcf578f49ffe7a0056cfdb61f222ee208d3def62cd03abcc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5c1e86eb273484752c3edc9177951d900
SHA1775245033c6f205eb93dac446de9d5d344a87938
SHA256e3be08d249bcde7f718ce2d37322daaa2ea2ab53bfb1b75041db628bd532d1cd
SHA5123c1a884d10c24de47e6d55b2f5514ba6608180754cb0119034a107eb4345faa5b184eb310c689886a713b28a538c8329d612db4134742945feaa875816ef9bdc
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
14KB
MD5a301349e42493ad489f11027fcd9725e
SHA1080db51fd43a622ecba282ea7391cce878301458
SHA2560f1df64c4b19828d846c8f480d21503773de48f1aebee7720c0a53df8644d0fa
SHA512183cce5b8948f55f60e531069f9dd2758e1cf91b145fb2f4a30142a4986a8cb4c2011f1ec3f216173cb074bf529b142f8b2c14398853daba6d0c1e3279c13284
-
C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dllFilesize
2.4MB
MD57e76f7a5c55a5bc5f5e2d7a9e886782b
SHA1fc500153dba682e53776bef53123086f00c0e041
SHA256abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
SHA5120318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24
-
\??\pipe\LOCAL\crashpad_1388_KYWZQFJTSIKVROHDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1132-830-0x0000000000400000-0x0000000000AAD000-memory.dmpFilesize
6.7MB
-
memory/2436-831-0x0000000000400000-0x000000000066B000-memory.dmpFilesize
2.4MB
-
memory/2436-833-0x0000000000400000-0x000000000066B000-memory.dmpFilesize
2.4MB
-
memory/2436-948-0x0000000000400000-0x000000000066B000-memory.dmpFilesize
2.4MB
-
memory/2436-951-0x0000000000400000-0x000000000066B000-memory.dmpFilesize
2.4MB
-
memory/3844-836-0x0000000000400000-0x0000000000AAD000-memory.dmpFilesize
6.7MB