Analysis
-
max time kernel
39s -
max time network
37s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
01/08/2023, 08:31
General
-
Target
https://dse.hdrria.com/?organisation=sky.at?&ref=bWFya3VzLndpbmtsZXJAc2t5LmF0
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dse.hdrria.com/?organisation=sky.at?&ref=bWFya3VzLndpbmtsZXJAc2t5LmF01⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa14c946f8,0x7ffa14c94708,0x7ffa14c947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9173747917248777710,13732344282924979186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD52cb5b7f539b1fb6e70046e17e1adc653
SHA116264d72dda581c5d0967e83942c6c027e9bb635
SHA2562230a06f60d305fb35549e34032f85765335892f00a5103bb7ecb248c39caa10
SHA5121df5e3ffd6e95cb34bd663e2dfa384ab21e6fa4775a06a1a797d8b6b5798e10914f35ce4c4258e28d548957c60c8e8cb33c0dd8b1130b0838397b46983c926af
-
Filesize
152B
MD58411007bafe7b1182af1ad3a1809b4f8
SHA14a78ee0762aadd53accae8bb211b8b18dc602070
SHA2561f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3
SHA512909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb
-
Filesize
192B
MD5c654175123ba5270170c07f98b554868
SHA1bc75cbd8dea364c244e38fe7bfa8172f882b6aeb
SHA25635db04d6dfd43aaf3047a07cfdf81c5098b148ec16238045ce24f5274bedce7f
SHA5123cd9b510281c293663557dbf01a191bf7d14be87ecbd8086188ae1aadab35fd4d54bd97f3f60a98d84de2ed35b52c9b20974861fe2d2ccfc518ca77e425cc43c
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD50ab440f50ffa785601c35b7bdce2c21f
SHA19f35c23ba6101d0bfaeaa28a0e4e7673c2087bf8
SHA2562159618603d766e5a6929dc8d6649ed91794cacbffbbac9cc497e270f0594d58
SHA512423b9ac30be0cc66e0876bb439b6adda405abb51a1383e49f8b6e2d2a042150e5c60852a14e9b105f397f3247efe517fc373e370271dcf2a36ad7914c4c5e72a
-
Filesize
5KB
MD5f7a35f49a844d9e6a4eea5e579129d86
SHA1718fb7e59709570a49c3daee61a989e8f1af691b
SHA2560408c178cec58a23aae69c46bfbbf5f8ab94e8f2df476d60f1d0447ff63dccad
SHA512c1589a3d0378811119d65511eaaf51ff13156b2587dfd2a55910ca4fe720a595bcee14f8d6137e0d3e9cd0db41520f84b3e814325176ecfeeb13e0b9424d51f3
-
Filesize
5KB
MD51e0e34ad7aea3c6484e05da92c7fd340
SHA1eb76f78f3b9efbfbbb95de2bf58953a52b6daa5a
SHA2566f9e78287edbf188d5f3551223974a9555d0c3c7907bb0dee90ddad1517956b5
SHA512e0cc850110d357add5f441e9858f79717ef1033c80126f76821ee2fa0bf7dd96ae1d1aded7f2076945209343534c68394d8829c20dd319b26ae0a4e625f3b8c1
-
Filesize
24KB
MD58caf4d73cc5a7d5e3fb3f9f1a9d4a0cc
SHA183f8586805286b716c70ddd14a2b7ec6a4d9d0fe
SHA2560e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c
SHA512084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e
-
Filesize
1KB
MD547661b9208b252cc902f8bc83153109f
SHA16ced7983dd5fc4179fada1f70fed5b0bd3154ee2
SHA25670dcb98a451c36bc5ba21cc70cda8dfb8ef1eb215865ee63df142c833bd5581e
SHA512be5ed81de746055104552ee0633b700a1f55bb9257f3c5699707e2e083a07359588f16bb8081d2452fd14764e86f631f016d4d3c59c1c457fe41a2ac17fa29bd
-
Filesize
537B
MD54c8745ed48a64e34dce1842df3aec873
SHA160e384348d7585a430de1b9a0df085e62e9cc5aa
SHA25691cd3516a4ce39f8c40df7bf59d5c5e20dc5390f3d74bf7954aef9344c973197
SHA512cc94332b114c22d04b4b22734e1b09596ae1bc1d55742636a2b8e44ff8d6c5362939c1dcfe60e44c742ed94440d3e99966565178649b280be0f1bac7e41975ea
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5b976224ca674c6298e70dbf117c53f27
SHA179c7c90f454206e64753c31a7135efb43cb911c3
SHA256c9fedd57dbdc5c4596af2c7890897060fb2651c88cd92650ef54c74d47945333
SHA5121fd6e9e5d7657d78003d9254680c5965ddbaf2d129ac8f92216dbcfcbde066563cf73eff3089d25afcd8213b74de644f9dbadea8b3fb86fbda42dbb4a1b0e960
-
Filesize
12KB
MD58b44b01ef64a0fee7ae7bc1f9f9562e8
SHA167c2b5c306980d535662e8f1bc82c4e07cd559cf
SHA256ad16ee6fc306c39763f23e685ecd0353638e747213cd7be16e8903a0666e18ac
SHA51249c1daf465bece63442e9a4b318c73f007e9e5960f85f78e90069d103521baf8055740350d967b4c85ca9eec9fa929be78d3edd85cff92e777a543517843f325