Analysis
-
max time kernel
69s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
02/06/2023, 09:47
General
-
Target
https://www.klosterstrading.com/our-spaces/klosters-market-updates/klosters-toy-newsletter/
Malware Config
Signatures
-
Drops file in Program Files directory 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 11 IoCs
-
Suspicious use of SendNotifyMessage 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://www.klosterstrading.com/our-spaces/klosters-market-updates/klosters-toy-newsletter/1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://www.klosterstrading.com/our-spaces/klosters-market-updates/klosters-toy-newsletter/1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa2d7746f8,0x7ffa2d774708,0x7ffa2d7747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1c0,0x22c,0x7ff653095460,0x7ff653095470,0x7ff6530954803⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2306476661376023932,17617884052540215941,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2856 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ae2c65ccf1085f2a624551421576a3ee
SHA1f1dea6ccfbd7803cc4489b9260758b8ad053e08e
SHA25649bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54
SHA5123abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef
-
Filesize
48B
MD52b0169a3eec0d7deabaf8c7c77229183
SHA1c2f034fbfa188a7797dde95279dc0fb36b1c584c
SHA256951262eee463629ddee918ebda51e8cec45b6e93c3453a5632e0d48e53464e4a
SHA5125f1a65e5a63a1f7440e9b633eb6e904bb6d421ed7eca6cc1025597ebe29fd78416625d9a66bbdc98f21b0ec3a67fadd268df7dd79a29ab15a56d74ec6ec18047
-
Filesize
264B
MD5bbde06711352745b3de19a13768c4147
SHA1e7eb5fa06eb343acc4f4760f8f2f37d4eead95e7
SHA256c0e834650bbd2341f9433059c5f613be94a8acdcbd373f4fbffe1f9359111b0f
SHA51237cc8c84c17ac807598d4f12d8b1829fdfb75fa437e4f7dee854ebb48b630dddd149b85da558a0a8c65b283d5dfee29614d966498e89c7711c38e32613852178
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
2KB
MD5ae2e964e4cc5c1bb0600aa693d57d35b
SHA13e2c6131b865c50d9c158a86de8eb4949012d070
SHA256a23ee34330b7c97eb0df05d7bd2bbf6852a19b45cef4be12dd326369bd8b744d
SHA512fe74c5975718a3a0b0a90d117d60f64f382032583e83cd4bd801e0cb64eb5be3343c84193843abb63f53b51286c5d6c66014e96ba3f87ee054f8e611e7ed58dd
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD5cc94867db8734bc2564773bf4fdf35b3
SHA15c54578d50435719cb182c3abe0711fbea9b0739
SHA25687882f551807fe48560ab1ad024770e999ff30a42f2274c7209f90382a667b59
SHA5122b4458b37cfab25e7bc644ee828b3753c4647e03f204f40ce9b23dd0ed911d242e068186b77a3dff7d36e98a6cd9425c47002855d8d2ad30c33da67a2f459176
-
Filesize
5KB
MD5f64da6f323efb6f191b48fecd1075f8f
SHA13ccff6fe1b87df01aafe2bba76dcdd4c1dbdbfd4
SHA256e43c1edf9358c6d1be221217eb954c78417f793671c755af780d4a1e20de395b
SHA5129e0767b7a5126ed74a59590a0f8080fe2ff3e0ddaba723675c0bbbd86ad61eaf3804176ee5fefca9758ad5ce53031f19e28474f6b101de70d738dfb3336e97d3
-
Filesize
6KB
MD5eadd903601fc6755e8f844c4600c92fb
SHA113d60d5d64d9b623fc056a030d5a2e7084d3c490
SHA256afe33f2e51ca832f32ebb147e898bff3343ab198a11153176b1ec16a4c7d5646
SHA5121fb8443162ca3dd3bd81b9c8d96a515881342ebd866fe3607f1587f00ddf969881e8970e30103928e662ccbae924c28cf729a5b555c50817bc1685135dd0dd3a
-
Filesize
4KB
MD55394d0623ca9663f079f923c96e7c496
SHA1d9903f6ee68db81566aa070a74311eec395aa0e1
SHA2568c65789094f2200db333f63ec7a80b7e953c444208d26a867f1781fd7f2d2eab
SHA512b9609f2693ddf84c083da18f10f3a6337e48609601d8135c0500c3a4f998fe9a41f32afd923c43f2cb8db55a795c0b03718e2e8d43ca5c187ef875c9a6c4fdc5
-
Filesize
24KB
MD5b3fbb8a02260d5e41407a7e1af3ee2f6
SHA19180c8b9593405936b0fe52272571b63829525d4
SHA2568c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de
SHA5128a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9
-
Filesize
24KB
MD5cfd585ce0db9a1484f8223dc2cfce2f8
SHA14e5e287160c05ecdff8acdfa0899faa5bad4de82
SHA2560bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445
SHA512b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648
-
Filesize
706B
MD5349262c9761e1a72f3fcbccc69d02953
SHA1456697525ba957acd50b2e345439af4f05f27008
SHA256e70f4556a25f849689ca6d0ef31716697db2c15a59d1fc67cb870df34b69ff6e
SHA51258d9b0ff697ee80d27432f49fa9eb2b4dca243699fc12053fb72f8cab53a294165d9ded14a345657fc05148f31a1bbdc7385ed82d8f9a9bf99a5ff775f03e102
-
Filesize
706B
MD53106d6abca529cd68391990928345fc0
SHA11a4018c90220c51955f1293858675ce69d8ad6cf
SHA256ebdeaafe751c8a1654e894e6935466446f1a560c3c062b0e3b3cac2cc2a024ff
SHA5123f83afeea3519f327440b218596d1e8b2a71e8af063f338ff4928a290fbb363a1c3f2a81cc9ea4ab2822ae05221a012e340d045984139e415025f83fb70f764c
-
Filesize
372B
MD52e8843ab84e060f592ff77d949a95afc
SHA1150060befbc915194fabfc50e384e4bdc5a9c1c7
SHA2566cb6df0f333d6c4535a08422a7b465b577763e2e7d0f4fc949714a69afe0cbad
SHA5127f4e7f9aec330a1ea9eb7abb1b5ca2f938ef57b1a68cc0a83619686cf55e2fcdd9dcd4b281aa33451899b99a382db1755df572b3bbe9a6ed2f34081bf1007308
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
9KB
MD5f28c1c1c60a331754cb3a9a253388365
SHA1e147752a96bdc81bae81fe9abb4f2719a7b1a373
SHA2566740ec14a32d6971bdb4b638896f8720939785ad55f1f090eb141d613cdb0a25
SHA512214bc4ea56ac04f20e1614450fc0e7b73e3513a050996636641afc74dc59b0c9697fe1cb495992d223bd1c9a128976fbdcdd73943e08dacd2356b50dd2cd86dc
-
Filesize
12KB
MD50bb16e6347d626d31ce3c14c02f91afa
SHA1d7fc535c4f2f8c2e10c0f9c924b683a9d406ae5b
SHA2567fb1beaf53331316d2dccd1ede4417cb29d4f6afaaa33b9186646d3fa65ff9cf
SHA512cfbc25d6060daa86be8629cac73570bea0ba0bc11863b24a476c0701be54d8c4e470621ae7c108e10874cf9b31631a39c33f7beee0e0e30077be58e610b7dbc1
-
Filesize
12KB
MD53723286090683407bc213f464f45f536
SHA119b3f0c2359d47ec512b0a42447266caad96150d
SHA256267d04b52c84befd2f05e8511535f372737c4046e1a80b6ef5b58f05ca96c9fe
SHA5121e25f027579b0f45ac9d51685f816b1536017f3392fe3a109d460549a41115e0df452a2afb51c1a79a5c6e29b84adbd66501343a5c0e930229eb57a2abace520
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
3KB
MD54f259fdda955c5fae9c43c5c6f9db92e
SHA1aac8422bf5f22058d004540bb0f7b76162100e71
SHA2569dc58fda0971a225327154442bd2a519a92427f22951bb934a6037ddb457899a
SHA51207ccf9a1b7858dcfddd055e21efc8116d2164dd92b46f2c2fe4910ed5c001cc1d7cc992861a4b7575bc8f4b58952c129ccf80b8302ab438f76c2e299d358f252
-
Filesize
3KB
MD58b89195bbf7a308604c51eac1074455f
SHA11505bb1ffad69a478004432515cd5018aa8063fe
SHA2560d89f753cf767c67e8b7d7f63ad5ac6bc01464a97034de4439a83756f1cd9159
SHA512d6680e3503e272ff03fb17957812ecbb7db387c82867cabb35b169dd4ca6bdd7d2ebfd1ba622faee91c77434729972091989fa46a13591b81c4ec4e2df4ab914
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
136KB