Analysis
-
max time kernel
116s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
27/11/2022, 12:31
General
-
Target
https://wecontrusmil.page.link/WoQJ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 31 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of FindShellTrayWindow 44 IoCs
-
Suspicious use of SendNotifyMessage 40 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://wecontrusmil.page.link/WoQJ1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefa994f50,0x7fefa994f60,0x7fefa994f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1096 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1264 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1748 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3284 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3464 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3668 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3736 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3716 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3604 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3896 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3664 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3996 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1080,7250829671872125216,2047590442576589799,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1480 /prefetch:82⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD56639eb1615140cb765d60da56623de3e
SHA14eb71b48df96868a741eb80913acb9ffd022a89d
SHA256b5d1cd8dd63ac99b9c47e157187621fbf2e6566a8e6d96b9e17c16759f2846b6
SHA5121156c3f805bfead9f2265b4a5c01ec7bbac8318918115fb53a0865c4857f558a411255f34a099b09b9ec9c2af8ecc2e1301efc9f7e20b63c2454fe15056902d3
-
Filesize
1KB
MD505f7bf88033198e3e8a17bb18181c284
SHA179f25ba7c4d0201afa52520b8116843ed5283717
SHA256c1c83e400d3ea0543bd1a37834c148d1655011f94f201241fe11c02adb4b775d
SHA512480487cd31618843159fe70e8315ed4635576dfbf4665281fd81d0561a38b224b21241ce2013ae473bfba04f0b2eb04137dfa351d94049225b29b008a0c82573
-
Filesize
279B
MD599fee525c43bb2eccdf96775872c174f
SHA1fb9444b5024a100b6c62dd72098f93b548ed14c0
SHA256949ff0ad176b5e77f88d82a4fd4e123c5b399548461637cbc3f1f1b918326573
SHA5129dc4046673a5df6677c5b33c579f55346493df43fda3e7ef658d465974baba4efd5464a35ced5f2bfbcd0ded58e89e3ed4f8daae2799819737ef8d883fd1ea46
-
Filesize
724B
MD5f569e1d183b84e8078dc456192127536
SHA130c537463eed902925300dd07a87d820a713753f
SHA256287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413
SHA51249553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012
-
Filesize
472B
MD53a1eb1b0faeb00e2c129b3e3990a2c89
SHA14fa8bb12887014105e7e4982284dfbccad830db0
SHA25631d22f4d2efe8e818073ebf1eb40c493597b9c2fea4b865dbae2e36acff18d50
SHA512833db8ef51cc1b2fdaab4cb14751f2b1e55acd2394b7c4edc048be1b5d333f3d190f2f19ffe46b112b519290b4b49efcfe7f9f060136a3127ab7ebfa76d36d12
-
Filesize
410B
MD515279e176c12132b3866d5a85547cde8
SHA152364925cb8517902b9328b05ae6bafc6dfb1b95
SHA256e460d6d55ccb46be5c0608a7a078187e87232e2f895207f9dce31a1aad3543f1
SHA51247f9f159d7b3881b34ef8304b76a19990d65f4e400e1b6a13cd20fe8c12a096dc34c1392416ae0245e66a4e3718569176dad6a77410662ec4bfd7a4715b6ef43
-
Filesize
438B
MD50e6289a61c78322e07532079bd4e2a0b
SHA130e9992f387c306aea91b37fa37e14d06042e8d0
SHA2561d44ff378182daf411c239c833359181038ec288e7b32213f9766e6d954ac3a2
SHA5126f86cad6ae74df4a7c8338ea8edb342dd98fe54f6ed9ef4d9b8db00689761202d6671980bf67578120166cf83ae5663d0a0768815eca6808ce9127d17e6071a7
-
Filesize
340B
MD5713d4e5d350834d09ac57e2066125f7c
SHA1611ea3b930cf10c9b923b965832db653ac85afbd
SHA2561f7de4d0ef1bcdf2301c8bab11ea1bea227fcf1cefd383e3a188f38a1518d4c3
SHA512e521a09149336f2d7e20b55d679f05c7ee6558c8f90694a564e115f7245afb1bf01ed0f2ba5242fbac8ee11ccf0029fd087d7224e89439d5917820d6840377f8
-
Filesize
426B
MD547142d7ff96e0f48cfebf425b7fbeca3
SHA1825e471276d3e48939fcd1ba942940a50ecae169
SHA256b9939ce546daba4df724fc990f0737b690bb5a78cf51d467c1b347097fb650f5
SHA5127601efa8308c3c973945ec2f45132d99e186f464cc72c80cf2da26668c71b97a9a6f0f1aa994d4837ff4880af5a80288906f077d3cc4bb52000719674b92da81
-
Filesize
392B
MD5cb8e6f913945c53b6499e59ef971f884
SHA190b12d93eadbe9a3a1b3026ff86f7063fe73e118
SHA256380b4e974fc76d7d19172ed440843d11555d888cb6707b898ec9295ac35f7fc4
SHA5128bcbd6f03a8a5262673dc702f3d694c19c2e586d0fdfa7084232e24c88a2539011f91cee0743a58cdbf78d89688bbc59b86f51bb86d537b9ee28291adb829958
-
Filesize
402B
MD56bbcba844b0d6823d6d2bb1db23a8065
SHA1d019a97bafafea9673fbcb3ffaaa6040c3e7299a
SHA256f201152d187193dd7e57a09cfabe5b3cd688e76df4c9ddb90beea53cd00912ac
SHA5127e393f0ddada502f81f6d77eb1bc3cf925beb4c70f86d205890f51c10d5d53ed6d6598406c9506b91e5468ff6c94cd79863fbb11b46899ea8e13fe92f094c78a