hxxps://cargandocancelacionescaso554[.]joomla[.]com/

Analysis

max time kernel
31s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cargandocancelacionescaso554.joomla.com/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
880	msedge.exe
880	msedge.exe
4536	msedge.exe
4536	msedge.exe
1028	identity_helper.exe
1028	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 3044	4536	msedge.exe	70
PID 4536 wrote to memory of 3044	4536	msedge.exe	70
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 4972	4536	msedge.exe	86
PID 4536 wrote to memory of 880	4536	msedge.exe	85
PID 4536 wrote to memory of 880	4536	msedge.exe	85
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87
PID 4536 wrote to memory of 5080	4536	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cargandocancelacionescaso554.joomla.com/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadbe146f8,0x7ffadbe14708,0x7ffadbe14718
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11338519816758820529,5358594081470146918,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
85KB

MD5
a6a8132e36a0b863b934a2ee9a041b6f

SHA1
3eb055d3b4d6ba4f0dff86dad2609abd8d9be396

SHA256
029d716cf39ec639a2c75273cc8028eaf4dbd2d7320bae3c455bb26153e32b5d

SHA512
6b991deaec5cce34d95bfc1bb69539ae82b9a1aacdaa4e635a3f4aead65360715617af6dbf1a1eb421c7d9636ee18b3bd4c0b06739c49dbace0de8e1f18e5128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
88164779b9f871bb36a6ceee9c28c05d

SHA1
71d4d3b728d5c19ca8931189050c7469c3dc172c

SHA256
1e02c03b1d30c8b54a063499c5ea073bff32183743ccd45b4909bc13848ae580

SHA512
e1c8cc092e0e8f1174cbaed62f79a7d9da47374f79a80c7a6816857d7293d6fc850f0dd981d4bc803b2bb8258e795535ff17ddf1dad08db41807d0f5f2c23496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ee0a2a81accf4c25d5962e33b6d754cf

SHA1
cd5cf115848753c8fdbe32d6d59360a93c735f91

SHA256
8191dee441d54b31e2a39d9dc8ce384eb4ebbbad0846e90453f28e17acd2d3b8

SHA512
bc33e068371a827bb8b5cf0a799f3f770539ac4503cbf5ac10d5fbeacd0b983436629422bf70db75acb3c99b2e7633e46108cc55590a1c5be7e0882e5a2887be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60b0144be621e4d67454f553227902c4

SHA1
9013df922da74408e899807a77c4933cfeb2da66

SHA256
6a42d6a82cd7a4197c1128d80380598699210ba7e2a900c40728113ac9388a55

SHA512
4ed82844052ab1fd436fd023f1537f158ec9324efa32968f321120ecd0a99188ca0fe5c9e95dc2db93e17c4a8d509af61709d7744a82f569740f5db8c02e44f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f491e0dd1c7542d6ae02e553acdf4fa

SHA1
154e55bff16fe245296680d0fd9651fb00b2d353

SHA256
4f6df0e5879f8efd7e07b368b62caf854832fbda03607b514a17738898fb0a1a

SHA512
20e8909653f160d36a8f22513affe804e93604e9f7d6dea248acbb2699bcfc9980eda5a39f6581890b70f7d571f4fc7230e0ca22af181e98f33d29dec6c8e78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
29213338df67d29d6454ee5d61ad3970

SHA1
8c69ca76a2e639060d5ce835a9600e6ea3764a83

SHA256
d29fc0d97fa74d382d0f557ecea4e42b7d50dbce43915bfc0c114c16e532aa51

SHA512
14db25eba8a863d390b97fce4315402ed7c249598ff6c31d5a191b0f71c274eead42ba0658403e744110de072e6ff1cac3bccee1e48875bde6b1fe39a60d2407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a1d74d4248c83f21f184a03e68a6052f

SHA1
a8f520bb61b9664de206cda6b9ac6d01e4d9fa92

SHA256
b270cc5cd85788e3c165a5b4c17993f78017ec1d7b9b0178a958b0e3a222239a

SHA512
d5177aa2da2adbcab003d1550ce043fe7e3c37164190cb2ea4127eebe89f856a3fb7701e0aa9afded5a3a9b22366fbbc0caee4b28959a86af94efeb1a93d4789

Download Submit