hxxps://www[.]linkedin[.]com/slink?code=g8SGWMaD#cGhpbGlwLmdpYnNvbkBraXJrYmkuY29t

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/slink?code=g8SGWMaD#cGhpbGlwLmdpYnNvbkBraXJrYmkuY29t

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
2572	msedge.exe
2572	msedge.exe
5056	identity_helper.exe
5056	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 5024	832	msedge.exe	27
PID 832 wrote to memory of 5024	832	msedge.exe	27
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 4072	832	msedge.exe	86
PID 832 wrote to memory of 2572	832	msedge.exe	87
PID 832 wrote to memory of 2572	832	msedge.exe	87
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88
PID 832 wrote to memory of 2928	832	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/slink?code=g8SGWMaD#cGhpbGlwLmdpYnNvbkBraXJrYmkuY29t
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9294246f8,0x7ff929424708,0x7ff929424718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,814045845072573264,476534396288463133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2348 /prefetch:1
  2⤵
  PID:4172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
08e89dd2ec6771c5abeb02b6ff991ef8

SHA1
7ed1153b1126f2843c7989e9b5641597bb3227a7

SHA256
0c98454d46d143c0ca530bcd3818feb75437c2c3e409af52cdf9c0faf9c94b3b

SHA512
1ad6d62762861ea4d3e879f47cd2100481d29f81507b8272a216868cec1e7e63cf487e316aa71dc15e010f3d97ef8aa57e3c43a5be1bc16dfa0a846d70a0134a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
867B

MD5
79b66ae1550bdeca163e9886840536ed

SHA1
351983316bcdac6370dfcbcd6294ebf5d82aed83

SHA256
581cad586b77d01c5cb7ae6bad389defbdd3645f017345d281ea044490175a2e

SHA512
8ef422917549778082da9d98e4a80978c24d52f5c9cb16be398ebdacb8fcb385cc2350a02dd53ce90f797f688a13ffdc3e6da3e2331d44e85c449efd36dce172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
caff4f1401e2e6f8e9f1475e760b962f

SHA1
0b8554fc26dd9ce1872da6280b2a67856559dd22

SHA256
ca60d3a15c4cfa7f1fd2542bb9ed6401c77247bc1e925064711ec7dfe131eb8d

SHA512
e6f9d97db0283563636d2c8caaa180df231bd48c93bb3592960bfb06b3af5379d19086da44c5b28b9cbfa9c4a3f9549efa0d08b95573cb58bef6ffa69093a710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9b5e8e27175c303b9a73cad8ce36b72

SHA1
9deb229dfee0b81fafe7990d5f0b206beb2940e7

SHA256
665405270266453ec5b827115bea2e00a367b6d2dce8ba8c7ea83746023d6944

SHA512
e7b33698a4330b4f17f0ba4d2b7eae5aabb7a31f21390050df86c21e22724434bb69b7b55ba6814cad6cc1b93028dbb2f27d46aa6c4ba8fb7c2814327e1b015e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c63f6946-e6ca-4eaa-b540-82b778b72b88.tmp

Filesize
5KB

MD5
d50085fdc562f3baa99374a2d027e13d

SHA1
c86ba10b414da3749364ce7818b7442e018a210e

SHA256
74082e2d910d1fbc00cb6f616a80598b190c6d0828bf8240f190bfce3d205cf9

SHA512
7361f4b30e0320166aad17ac1025698c3a7dacd789981bb28883b1b48eab084ce53ce803cda2bacfa2192d5cd7cd9357bc0a4d7562f8d36b2840683ed1eae4b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cb428b3aaa8c24ebbcb9ad889759b37c

SHA1
f83e285a4a86ea5366e66499628a242feef56d81

SHA256
ab32557dacb80427cc617d13c08c52474e07346e7c10d9ee53c3dbac11b85ad7

SHA512
6f9c8593b363bdc7de282c98f29fb2ef721a7cc2d9b4db2d625901b30fe7763998fa803e0f63b7e673ddbd4731565b5361267c4dc1e0a83f0e2df262fe790c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5aa70e47a7f0e532ccf4fa7434c583ba

SHA1
895877f729bacd854281a543097802d7a6fa0ae9

SHA256
60430dca965c75a3452715405147adad6b5729db827f2142bcb06a3f53a8490d

SHA512
8ebcda5bc350132817da3a918f35dc75ff771dbfeca9ce1428a9ce0f5277561c6e796066a513c8ccb4d540887b297db8353a7bccdbf651da06e139fa335d3b4b

Download Submit