Analysis
-
max time kernel
71s -
max time network
72s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
03-08-2023 19:54
General
-
Target
http://web.seoflatrate.co.uk
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://web.seoflatrate.co.uk1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d9646f8,0x7fff0d964708,0x7fff0d9647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6399357736979691488,16013532690329522403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD58411007bafe7b1182af1ad3a1809b4f8
SHA14a78ee0762aadd53accae8bb211b8b18dc602070
SHA2561f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3
SHA512909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb
-
Filesize
36KB
MD579bdb8d14180d2e04827b7e03a0dfa59
SHA1a35d70bd3538d9ade3b688556f037722bf76df47
SHA256dc626adb4d3764e33b3cc7be9a7e1df2e6ab50e59e144ac27e10c93c5f697aa2
SHA51262b33a20c1ad2edb58c1c9f513c49bef3ca93787b20cf4123992a9c509873ef9a4988a20ac77dca110d7bc6eaf3a0a38b4006e2955a3553f9444d206dd3affcb
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5ede42f3b7e32de0757bbe8fe69ff4327
SHA1e0fb3220c3618a8faeb3f7faab6ce74c594e1638
SHA256bf5bc800ee17a6edd3060a886d4aba76270a96163618c9e37010d8291f3bb173
SHA5129da4ef53f2540f6065a06b93110c1f783c1879977be2f64eb55cc055d802c2553b2904bf8acbd87225527e35f38efd1f28af615dd45813639a9fc49ca247d84e
-
Filesize
5KB
MD55354bb78d4ca14ba051480e6f4e40a6d
SHA17551d4d06e8b22530d97d52add44bb6f90a0690d
SHA2562226a778fada33a3e4b3a34ba25922b92c09ff1ce9aea93b27e80f3e36708f9e
SHA5128fea0d8292c780dc6b0e0967aed513ed838f61ed855615ca90c3a52a9ec853e89788c767e2ea29e9b2b9910c90bed19a72d20acea2d649486e994a65e50dd738
-
Filesize
5KB
MD5a1dbef239015d44e92a55a7d0b63d789
SHA1db43b63d041252f5df18bf5a7218b43213395f4a
SHA256fe4b68542df87af51e4ccc26c4444a4c4204d197c3bd0955318848b618182d79
SHA5128d3343299b4abcfe91bcd5e46d00462471f7f9f22aa908656fe8f54722f83cdbe1ac090bbcdf2ed53c141d3428a28dfaca953b4f3511da2eaa4e25d9ed535b09
-
Filesize
7KB
MD52c0e2722ba5aea34f599f965bc6a04c8
SHA1065fd7455f6c42c08648a60ffcad4b302a0d616a
SHA256d73dd539ade7c6e85399cd925e30c02d54b957813be01d704c383087743f44cb
SHA5120758868f4178f366cb82b5e3732e19aba3c821e8f9c21e802a5cdc522d857383f4548e41fcc9b4372f18401e1e4f39fd4d4b90403533a7698f965b8060b69eaf
-
Filesize
24KB
MD58caf4d73cc5a7d5e3fb3f9f1a9d4a0cc
SHA183f8586805286b716c70ddd14a2b7ec6a4d9d0fe
SHA2560e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c
SHA512084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e
-
Filesize
706B
MD5ef138dff65f40acb95133930b4cbb93c
SHA1d6a571c9086811107f5192cd081b71b5c3e4d4b3
SHA256a75a6ece3a874f480a0d25b3cd2401ba03559a7812fed3c69efe0efb61f2f664
SHA512760d40fe43fbb2364e3eee5d431ad3de27b776efdfe82a061c1ee6d40a9ef5fe4a760fb0d64c466e0eb679f58646ba3446fd70aea56e0d060b32fe8b0baddba7
-
Filesize
539B
MD547542a666c9481eb82e2a3374f36a94e
SHA1a4150bdc48eada809f7422eee7207318673a8fba
SHA25665794119d431d0cf9838f6f1ba845386b407625b9292262505867b1421d2f545
SHA5122b32b8f4e3e89f01416e5740d2347f2a2fb11f107c32403bc022f25b9b3a8b1c2bde6fe0efadcd5eab66581be8db227c38e31ec92ed78b08b0c972a36955af1e
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD529742b751fc01703a42e52d10f2ec734
SHA18f92d3ddf40ebb386a94ee98b35de7320278cabb
SHA256d671fc29ea6f2d25ad08d0b6a051e671ee666d5802e8f099c22c77fa226dd801
SHA512f44b16c7aa14d44918292f23869d7f0dc353219390969cc39c0372f6966e03b9d1018037262cd012d9b68172b8496310a97e30aace5be485b9e4cd1526c5d50d
-
Filesize
12KB
MD56d08844173618320a9c3e37f72f7a911
SHA126cf2d1a07ccbb3e1568fa055b1e95c845b5f476
SHA2566e59be26923aae90742bbc81edaf416cf946d70340c83b9876674cfe35271c66
SHA512011ffb17c501a732b4406bdcea434f85d0f9440a1d02c26306835f312ddc16c8cda018bcff2e5f49a7993a93fc8ad9546d5bdc674d29a91c1994671dd70505a4