hxxps://mysoftwarefree[.]com/adobe-after-effects-2023-free-download/

Resubmissions

21-07-2023 02:35

230721-c3cbfscd4v 1

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2023 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mysoftwarefree.com/adobe-after-effects-2023-free-download/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1300	msedge.exe
1300	msedge.exe
3332	msedge.exe
3332	msedge.exe
3724	identity_helper.exe
3724	identity_helper.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3332 wrote to memory of 4564	3332	msedge.exe	36
PID 3332 wrote to memory of 4564	3332	msedge.exe	36
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 2836	3332	msedge.exe	86
PID 3332 wrote to memory of 1300	3332	msedge.exe	85
PID 3332 wrote to memory of 1300	3332	msedge.exe	85
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87
PID 3332 wrote to memory of 3160	3332	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mysoftwarefree.com/adobe-after-effects-2023-free-download/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8baa46f8,0x7ffe8baa4708,0x7ffe8baa4718
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10540719500274647094,6215594266927818742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
88a7bcca192acea3c9fe1e69acb6b9b8

SHA1
2311e9b17311bc4087ebbf2684d2d47a5ecaf218

SHA256
6937298f3bc52ff680bb44b766939dbcf2b290af12015b3a9a32883419babc30

SHA512
18d03329f779c1915fe8296c997451f4a90bda4cf74675005ff03107a3c4cc91b926a64c0784803ae445713057630bad8fea638d1cf89e9858b3a208523ab0df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
23c49763398d1026c2eea87c2a01b26c

SHA1
512daa0967a608ad21b9a70cd9acf696694c43df

SHA256
ff3d3d0ccd20ad5772412924ede9326cedee44b48caa876510dd345ecc002ddf

SHA512
a7e4a503e1814624ebc7e6a3b1e3c0aad150cf85ae46a242bc17c7bd638baf1d6589ea74c789fa1a6acc3f6438617e4cbeeab5335830828abd6124adc52b8d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
466a9a87c1054ab8b74d075020b39126

SHA1
834a2ebf7a6b437e378233aabac04cd09411bc54

SHA256
f62321a6f6f87b20485fd90a0ea5f09d3f07e97bb0d6411bd94cf5a299cdd92b

SHA512
6180a2ac0d110ef063cceca7d54fe739434bf810be82da61adacae711ce12a56eac67d4672ab690d078331caadff7a2ea2e29ac23081c4d1547d4cff12d718c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f43c9b6186413b5c6886e9efe6fe36ad

SHA1
df1e8691028c91b4616f758b267b4d6e90e8d287

SHA256
14b81f4c4dfe52d393dd8739c510c9052a705d3fc7a9bef04fdafa78993afbc5

SHA512
332b4c1c3a3fb78f7ac7fbda38b5b876adb6fb2919b98e69d7be49a5e5639435cf130aa89c7124c33e66349cb909222aed205a894c5d5433edaea6ca61ef2dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b3bde7f3-4179-4496-95f3-08e2302234e5.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5355b1ec2496d58e34f92cf52734349f

SHA1
1002c4d326fbe659d24b8512f6a355d3542bc71f

SHA256
527afe0e0db272e8ec2028086e658a9fc071c1d4fe7bc6d0b2893f0f5b115638

SHA512
4d8f603605b18eb58b015f7c1f59c4c0731186c1c2fdb9f47d9c1f4a5d21389e401499f3bf803720a16a9e6e2ee4f3798da86109bbc3f31bd8a79b9059a3dee5

Download Submit