9796603583daaeff330ae3f3646bdb6e904b160233200f89942d70523779955a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1831912da780d89b5c74452d6dede77b.exe
Size

894KB
MD5

1831912da780d89b5c74452d6dede77b
SHA1

fa94ba62dbea6587536c284836a1b6c250fc9ce7
SHA256

9796603583daaeff330ae3f3646bdb6e904b160233200f89942d70523779955a
SHA512

00deab689e5f2af6541b306b6a6eaf1c0230460257ca59fca8f2913f7f6bcf106149d4c41ab18e34fb5e39bc09c083e30a83512776cd33614877c0585bf06381
SSDEEP

12288:KqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4TH:KqDEvCTbMWu7rQYlBQcBiT6rprG8aAH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1928	msedge.exe
1928	msedge.exe
2892	msedge.exe
2892	msedge.exe
1276	msedge.exe
1276	msedge.exe
2508	msedge.exe
2508	msedge.exe
4672	identity_helper.exe
4672	identity_helper.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid process

1276 msedge.exe
1276 msedge.exe
1276 msedge.exe
1276 msedge.exe
1276 msedge.exe
1276 msedge.exe
1276 msedge.exe
1276 msedge.exe
1276 msedge.exe
1276 msedge.exe

pid	process
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

1831912da780d89b5c74452d6dede77b.exemsedge.exe

pid	process
4760	1831912da780d89b5c74452d6dede77b.exe
4760	1831912da780d89b5c74452d6dede77b.exe
4760	1831912da780d89b5c74452d6dede77b.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

1831912da780d89b5c74452d6dede77b.exemsedge.exe

pid	process
4760	1831912da780d89b5c74452d6dede77b.exe
4760	1831912da780d89b5c74452d6dede77b.exe
4760	1831912da780d89b5c74452d6dede77b.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

1831912da780d89b5c74452d6dede77b.exemsedge.exemsedge.exemsedge.exe

description	pid	process	target process
PID 4760 wrote to memory of 1276	4760	1831912da780d89b5c74452d6dede77b.exe	msedge.exe
PID 4760 wrote to memory of 1276	4760	1831912da780d89b5c74452d6dede77b.exe	msedge.exe
PID 1276 wrote to memory of 2336	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 2336	1276	msedge.exe	msedge.exe
PID 4760 wrote to memory of 4860	4760	1831912da780d89b5c74452d6dede77b.exe	msedge.exe
PID 4760 wrote to memory of 4860	4760	1831912da780d89b5c74452d6dede77b.exe	msedge.exe
PID 4860 wrote to memory of 2872	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 2872	4860	msedge.exe	msedge.exe
PID 4760 wrote to memory of 2276	4760	1831912da780d89b5c74452d6dede77b.exe	msedge.exe
PID 4760 wrote to memory of 2276	4760	1831912da780d89b5c74452d6dede77b.exe	msedge.exe
PID 2276 wrote to memory of 3116	2276	msedge.exe	msedge.exe
PID 2276 wrote to memory of 3116	2276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1540	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1928	1276	msedge.exe	msedge.exe
PID 1276 wrote to memory of 1928	1276	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe
PID 4860 wrote to memory of 1972	4860	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\1831912da780d89b5c74452d6dede77b.exe
"C:\Users\Admin\AppData\Local\Temp\1831912da780d89b5c74452d6dede77b.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be5646f8,0x7ff8be564708,0x7ff8be564718
3⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
3⤵
PID:1540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
3⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
3⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
3⤵
PID:624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
3⤵
PID:1236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
3⤵
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
3⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
3⤵
PID:324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
3⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
3⤵
PID:3088

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
3⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
3⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
3⤵
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,7688447825075039736,17794828691175541755,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5508 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
2⤵
- Suspicious use of WriteProcessMemory
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be5646f8,0x7ff8be564708,0x7ff8be564718
3⤵
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,288220585431324742,10347699743365346183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 /prefetch:2
3⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,288220585431324742,10347699743365346183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
2⤵
- Suspicious use of WriteProcessMemory
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8be5646f8,0x7ff8be564708,0x7ff8be564718
3⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1532,11476949910840493440,4831523402370576778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
3⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,11476949910840493440,4831523402370576778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1008B

MD5
cb359d687bdb411690cc4dd503b41e91

SHA1
be7c0eb4c801f1150252b05dc605b4106c5c7aa3

SHA256
8757c2b12371bc40c87fc67523a9c19ccb126605582c6887d829940492a41477

SHA512
7807fe3c57485e32bdbe84cec0191cf04123fbed75600c73b26686fae65da24a2c3f6fc8b540e3c283882210a13f51d8aa98a4483dbdabe0fa01287280146972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
4028aab41079145ce7aabcd17860147f

SHA1
123e91200da062c7f58c1d9dd08540202704e228

SHA256
ad2d57ad62e861021665ca09686e0ac8cf498e748c9385041ce9ed1cd05fca0e

SHA512
7a79be23ae4ede13cb5bc47c1e20d392678ce8bd08146213a86905125d562bf2d82746e14481209dcd3af507d2673fc50262d7aacd82a31f602b7092e11344f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
9b6d77032999932e482877a251451ea1

SHA1
f9a3ea240a53c3877840d94afaae85f71141c083

SHA256
9fbbb9ce6911e9695ceb140a556a9043693e5f2a76a235b47cfbd98074b7ac4f

SHA512
e340e965d01fb65dd4e6fb8f7a8f497b7b8de6ac2b4cff8f9dbe8960dfe2a9a68b01afd12e5cef7c1dcfe509ec855bed556199377e1f50330e36df375cfebbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
02d4f084eb888743235d48e1c46c58b1

SHA1
bd7de6760cdb15b7ae3092a96c27890f48f5f949

SHA256
315bcd4353bd430e474d8ff0944141ca679d6cdc8a8690d7319c2d7bdbad1f40

SHA512
fcf9983e8cfe130027a62078dae36d180792122c69db531e7b66c06d0498b23ef78d846261229b7b7f561ccc3a350e5d3660c21d7c2bbf9483ac0c316ba80953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a272e15092f18c015c5fb7204098fdd7

SHA1
87629593abf1797aad4a25a5e3c4095ae5e56f5e

SHA256
df04ffe059912f2f6e3ec7b1a9ae24fd947a4b9faa0397550e41c8d78a9fd8d4

SHA512
e2d89644321f63903d9447ba5fb1815b45835f0c9115063fddf581c98319ff1c136958da919717e030d879471a8f66d163c2ac40fb342d4a860bd20f8005fc18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
8ea390e38bf4c41f9f61feed6fa8af45

SHA1
e9277bca4da010bad07bad0927640368615c5666

SHA256
ce3a7c8aba955f6ac2f252a8d74460ce516acd3f030cb75f7e90316706392d9f

SHA512
db3b0e4768161b5dd6fdd9b1b1ea783c3b36e35220ab4c9ee95306cab1d16bc366faa057555f602120f59dc1ed8ea5fc063d187bd76ef63a219b470452832300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
418208af6f681ff9cb5bc78934d265cc

SHA1
bb0d453cc2662d2f00d5decbeadd574533f00569

SHA256
d1a10b0ffeab9d4135b8f616597169f03244c0d5093200adea83483c4d8d2ed3

SHA512
7ae901d6666d84b1709ed44380074c358ac2fc50c3f5794af1d124334f7ba0baab9eb35a47106bb355d9773c2d8bdf64f693455991eaeb552c7bf87a4e275f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
8b65a061afc9531393e95840b2c97203

SHA1
3f781835e1cfc87a4dde2205c531d7a718f05b28

SHA256
5c2c9ea571b86c78698e99ef48fe9473ae206bc3a8160edd793153a0e269577a

SHA512
26c105bb8cc72659d7873901d033cdd434817db10a9fd3887a0f013af43c002f55ef4da1c331d8662be1e728e95dac552da1d42d209cbe97220489501b3aef57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
5fe0513b1cf3bbd0279b2279e7316588

SHA1
689c74f6fa422631f1f4b17d7ce3ebe60550a551

SHA256
32af1bc10603a016a979c8f085801bf56cd0c52b8ada5d76766f7a5e33a417dc

SHA512
f3866b6bd1753f000239d5ea6f6726ebf390251f2852ba6fecbb960ba234ec8c0f7a9bae50484d7b4e8218825f9fd7c1bd8e684c3a9316b54e5604fd4c2c4e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579654.TMP
Filesize
707B

MD5
7895dfe657e9f24c2d486d1cc7382bd5

SHA1
4816955ce023ca7405d940be0bd498fb73d792f7

SHA256
0c8df405a9b3a1fc931b11f7d66dded006e438e3e6c8efa2067e234607988937

SHA512
c00ac52ca4ef54ef12093b146862115e49df75c36d0b005a673049f91bb325145acc561c6f49c8b501c282fc138786e20951f194e4b4e31dd11845bee139061b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
119d4af9917ecb4e83fffdb5e521e1ed

SHA1
48571a2234c5e711aa574b8f3ded3a4a0dc1c438

SHA256
c1ed2077a8aa370cbbde6e4a166e4c0b7c99cfdde609cfc67d046695a14578cc

SHA512
48ebdb1ba1f636e44948745132fdd4d806beb068a80d4665cd2ffb028449292177cf3686d36d9bac8024bd5a69129aa1ed007c9b92bbbec3f7344a513a9ca3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
8493d7a4b50b8d8b63ce325b46945c36

SHA1
4da53d58f48731f9336b0b104092487998e14b0c

SHA256
1f916d38418267cb405db1751ef64fe62976106dee22ebf36e557b20a8b7735d

SHA512
1147e0b13326ba3e0205698bbb29883d4e2427bc451cbaf174b1e5d335687513851b184bea18a88c294f98d45a502c452542fffd1fcb9d6c797e5036475ebfe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bfc29d9058e19bca38791e597fe75524

SHA1
81a2c59532d6bc95a3c17f6168086746374662df

SHA256
88fc1ab7347feb71815efaf01c3acca9cca6729e0c65b15a99ca19e508a7b488

SHA512
2a637e7ab1e508ce8712681d8b4497be7658c34a486a53b870f1a31505e58ef40fb1f490a6ff2f5cd65097f618912aa9d7a7c985a182e394996a3fa8f130f370

Download Submit
\??\pipe\LOCAL\crashpad_1276_UKJPNGHLNOMDIZSU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit