Analysis

  • max time kernel
    100s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2023 03:39

General

  • Target

    https://r.srvtrck.com/v1/redirect?yk_tag=337_47d_c3_3b6f&site_id=56e7d51be4b05d750682348a&api_key=abbc5236946676eae219a734c0a1c5e8&url=http://mateteynostrong.com/madly/inhale/turbocor.com/Z2Zpc2NoZXJAdHVyYm9jb3IuY29t

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://r.srvtrck.com/v1/redirect?yk_tag=337_47d_c3_3b6f&site_id=56e7d51be4b05d750682348a&api_key=abbc5236946676eae219a734c0a1c5e8&url=http://mateteynostrong.com/madly/inhale/turbocor.com/Z2Zpc2NoZXJAdHVyYm9jb3IuY29t
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1416
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80a7a46f8,0x7ff80a7a4708,0x7ff80a7a4718
      2⤵
        PID:5032
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        2⤵
          PID:4420
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1224
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
          2⤵
            PID:3404
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
            2⤵
              PID:4352
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
              2⤵
                PID:3824
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                2⤵
                  PID:3300
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
                  2⤵
                    PID:4972
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
                    2⤵
                      PID:4028
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2804
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
                      2⤵
                        PID:1320
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                        2⤵
                          PID:4468
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
                          2⤵
                            PID:3664
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
                            2⤵
                              PID:3680
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
                              2⤵
                                PID:3216
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
                                2⤵
                                  PID:3520
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4906086218269542283,15285479453572007148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
                                  2⤵
                                    PID:2620
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2364
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:2572

                                    Network

                                    MITRE ATT&CK Enterprise v6

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                      MD5

                                      b950ebe404eda736e529f1b0a975e8db

                                      SHA1

                                      4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

                                      SHA256

                                      bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

                                      SHA512

                                      6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      336B

                                      MD5

                                      7b3a71cc54b55537fd85a8434251b3fe

                                      SHA1

                                      69c3ca362d729e87e49142cfc5c2ab6faa3bb64b

                                      SHA256

                                      d2df3be11408071a060d9dabfdcb911ad60f820e2396914821f0befd7a11daa9

                                      SHA512

                                      ec4b842cae45e662eee685871c2b791bc1f7284ceb425c41a9f0edf7fc97716295a2a4db8250e467b99d79fa40310a1a16e482c4a3dd08cf9276a3a7102df610

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      975B

                                      MD5

                                      c60bcd245a9cdd6d2d36dd692c263c98

                                      SHA1

                                      ab98574c257915a51a8eacf4326bcff3868f71da

                                      SHA256

                                      159fb97877f62c45bd790d28887e8362582099e24e889926868bbe6793b7364d

                                      SHA512

                                      522ad1e21f37d1296a82e5976f8bea6a94e44d8c6784ba15bea3281f95a073a741b1add204efbcf06f396b08d06585a9dfa92dd6a62f567b6c93ac3aadf45f21

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      0523d08a1d1812e5c3bb05020ee78b87

                                      SHA1

                                      cde4969db7b9e7232017c493277d0b44932ba840

                                      SHA256

                                      4dfd943b7d297bb1661476be4ee4f53c7b000bcc4d34e55af88f7ec8403879c6

                                      SHA512

                                      6fafff322d6992b993d7cf30f867fba6f6873a6efce3d235e8de2929025b747eb2ccf3bac6ef522a933f9344e4085b34422514156bae0b928bff4d69d098015e

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      6becee6e3a607b16ec5830313d4d0653

                                      SHA1

                                      72aa63c5c56c6fce20db82b2f17adee468743cec

                                      SHA256

                                      b6f7732de6de6272d0b6d3b4f2eb2620841ae77134a109e72b76f04dbd611e19

                                      SHA512

                                      69e14fe3e9767172aa8a0df22b228695dfbfce03dd02ce5294978ea62d19333ea20eb8097e6b23be88bddf58cf521e6e0d88c24532d67e8705879cfcb2785b19

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      5945ca87e732893996f1126fe4fba0fe

                                      SHA1

                                      654ce021c6ce0a38a54313dea4ab05464167d783

                                      SHA256

                                      68ead7f548236a53273007ce75d3d6c29156a35162e74b8a09de9d9a2e16bf01

                                      SHA512

                                      499d9fefbb5876f569087a7e216782fe55ba92c1f24f14acf5cb78971e0166d49ac8a82128361ade0394800d936853f01b9aa138426dc340cd749b60ceb09afd

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      c5e343c45fe836e5e975b5ce86e39350

                                      SHA1

                                      ee3cb5f1fd7244b92d0beb463c0021b8811bf1d5

                                      SHA256

                                      e8ada1b4487169052348c3372cbe287ca7ee3ae85d3a27615e4d377d53c6e3f1

                                      SHA512

                                      f75154777d41a7984f484e31f4cdf9b6d912835d22b213499546a01fcc9ca034fa03fbc3856f4802d481a4bfbe118514d49ca38a71b5468bf5a43e5feb421328

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      5KB

                                      MD5

                                      59d6593406b1e3c7b45ad2e1ac8b90c9

                                      SHA1

                                      215ece68e96555463f680510359a16398206807f

                                      SHA256

                                      e043f471a3c292856262212032e49a48a8f65b81337d11dd37aeb13aa5563d7c

                                      SHA512

                                      265a187b719f243e41470ec28588d29f3d1b201e021be7950c81362240db9cbdedd451354b812886b721f2ac00d0a0a67b05db7f2cd397d6a59926890b91e9d5

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                      Filesize

                                      24KB

                                      MD5

                                      ca36933e6dea7aa507a272121b34fdbb

                                      SHA1

                                      3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

                                      SHA256

                                      fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

                                      SHA512

                                      5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      370B

                                      MD5

                                      f33473791e18b64344b3b8d7ee09e1a6

                                      SHA1

                                      07123e2179d868cf600195be777ddf49b8fc17da

                                      SHA256

                                      68638c34364da9822bbf62fc17610735afb720526d39b8f6cb2311a943fd81d8

                                      SHA512

                                      445a6441ae995a573b0bfdea95ef2afecfc90e6bcdab620e278a20fb06f41adcee512d001442cde9c16f089a6952b8b9fc871badcddc408697c4b5708a02e6e5

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5879bf.TMP

                                      Filesize

                                      370B

                                      MD5

                                      b189f27da0e8b9e6de96ec304a601d60

                                      SHA1

                                      5b2dbe7e651c1bd43f933b1cf0d9c29ad9b358e1

                                      SHA256

                                      b836f93faaa7352b99d0961f404de2caf04024527a93ee377dd9c078d81ae8b6

                                      SHA512

                                      b7871be881629e7b2de43968ee57b1838fc651dcb85c06001354620387853fb5ddcd455bac73cc2834e01da3bfec82c988f71a1c52fa213898205d0c3c6e1c49

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      12KB

                                      MD5

                                      e725a6ca9b3c8a7706e16bc4bccf1047

                                      SHA1

                                      a48183e99d546c146d7b9fb0fa73760cce9838b1

                                      SHA256

                                      50a5ad229a2889dec22fd16dd93f426351352cf1f200e2ee2673b9dc95c6088c

                                      SHA512

                                      fdb47ab5bfb61a151bdcb06b622278a55296ad43eb96812df7af63af7ded3c0f38e524bcc5a3f56e0cf2e297f6eae4aac219f312c728fa581ee5cd8e13f25f67