Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://myaccount.go...

windows10-2004-x64

1

Analysis

  • max time kernel
    451s
  • max time network
    430s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2023, 11:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://myaccount.google.com/

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://myaccount.google.com/
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2316
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9a4746f8,0x7fff9a474708,0x7fff9a474718
      2⤵
        PID:1896
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4744
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        2⤵
          PID:4652
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
          2⤵
            PID:1496
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
            2⤵
              PID:2684
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
              2⤵
                PID:3936
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
                2⤵
                  PID:1140
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4740 /prefetch:8
                  2⤵
                    PID:4968
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
                    2⤵
                      PID:4204
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
                      2⤵
                        PID:4800
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
                        2⤵
                          PID:2468
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4060
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                          2⤵
                            PID:4052
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                            2⤵
                              PID:3940
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2339053406353636635,1776692202106534877,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1364 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3576
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4028
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:848
                              • C:\Windows\system32\AUDIODG.EXE
                                C:\Windows\system32\AUDIODG.EXE 0x4c4 0x4e4
                                1⤵
                                  PID:4464

                                Network

                                MITRE ATT&CK Matrix

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  8411007bafe7b1182af1ad3a1809b4f8

                                  SHA1

                                  4a78ee0762aadd53accae8bb211b8b18dc602070

                                  SHA256

                                  1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

                                  SHA512

                                  909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  168B

                                  MD5

                                  cec0a582498842f6e24a3ebdeadd9142

                                  SHA1

                                  92446c42ab3d8fae00ed93eba4d9105520209792

                                  SHA256

                                  97cd07bfcdc35ce78ff20a67a7d860fa3ce3e578908f24435ffffa2575e6c85a

                                  SHA512

                                  a2249b59f07ffd36ba4f3e5d9d0a28b1370ca754218e554db5da3d22968610375943cd0421d2e2299feafd70480f34691852ed304e0140e3f92c766e7d3cee48

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  111B

                                  MD5

                                  285252a2f6327d41eab203dc2f402c67

                                  SHA1

                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                  SHA256

                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                  SHA512

                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  1KB

                                  MD5

                                  a2d068b59322cebbb6c922e0c95f2a70

                                  SHA1

                                  6df1469cbf62090a4a3342eb473f0099c4b2098f

                                  SHA256

                                  5905ca41ac1b3d19f935d9394c5a51a0f0923b5f15e71650052c73dcb987ac2a

                                  SHA512

                                  e6d383ebdcf80aab9ef100c7306de7d2e394da1d46b37293f71a4995a9228172df34047ab282729f7df5c6a455e4b7d6ebd971b0c3f208b4f6e11f832735f80a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  b56586e0470959809b10f76e3e9d6e5e

                                  SHA1

                                  9517b4c437b3ffb4f21dbce5ec50372744eb51cc

                                  SHA256

                                  dbe2b1e0bdf723b13e6703cdb6e94d0320481922649411499281be779b4dd48e

                                  SHA512

                                  66a00e530fd6bc1c053aa5ce38b25fbec50b6558b6ba13f49c8062e44352b81288f4da9300a1a7d55a59bdbc51f9dca8011e3eea0918a308807d3c4943d04ff7

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  113f7cf06aa3cfeb3bb08597b3f2fbb3

                                  SHA1

                                  5c6498d8e514e0259b6543bac0b1a6b27c4af2f0

                                  SHA256

                                  7b960d8bb8d0bb9310a3a2b86dfb3838b6304758f2d517259e4fb1e68f8ce464

                                  SHA512

                                  d01f993749d94ea48b483f6534d6cc13162103a61a065df6dc09d7e563b4c156f7edaeaf214e166c5bbdbd8c49ac307b8b5552719dacc398cac9b3b08428f2b7

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  926599b57d94748e79a2e82a4d53ca70

                                  SHA1

                                  0d367bcdac48680c2ea9dff0a42bcccf935c5361

                                  SHA256

                                  e892a726ecb3af4fb74c0b41f26df6c921b0a3d9c8e94dff66a8b0a5293a1d94

                                  SHA512

                                  27523f8a1b5134c27acc79aa668fafa7ac06834c48858b0abd38162da3ecdeec22e61f328029b768b0b287c3bb9c1de469c0cdca7d0755cb6a4d7d8723774f9a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  bebbc43f778c0981efffa99bb587a242

                                  SHA1

                                  26c7ea748b51e9cfc1c8d42f85598f88e4ed673b

                                  SHA256

                                  4ba33d28ba394fb97c03c82baa939429196dfec68477a8a9beba806319649f1b

                                  SHA512

                                  1c267bd90d92bddd8027fb6d74f18456486f74b0c1fa6e351ab52a2298f93b77ca086913cc3f40e255737b3baa521be9eb9f0c7f020382406e38a1d431dc0e77

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  aa49894b1c79ccf6bfd2ff2b2eb38899

                                  SHA1

                                  16d6dc86fdf9f6893b8f95d364a1a555f2f133ea

                                  SHA256

                                  5e74232c02b1ff27ccd4fcf7d8d9f0132c572946c2c272cf00bc17dbba4831d8

                                  SHA512

                                  ff20dd50decf25048b2ff4fa2f3e1e0252a7dae84f12f5aa8c1c69180789a65bdd2fa80420d43849dfe61d24d16fec20e2d417e1a9f319f00520f4d2f6ba0ec0

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                  Filesize

                                  24KB

                                  MD5

                                  8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

                                  SHA1

                                  83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

                                  SHA256

                                  0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

                                  SHA512

                                  084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  12KB

                                  MD5

                                  da514b982da0d0bbc402fbdc16b844e9

                                  SHA1

                                  9abbcda6b43e348164dc12ce03591b679672aaff

                                  SHA256

                                  6518bcf115be8d02724b668306179439f94f8a51ce2d3cff01fd184084739a1b

                                  SHA512

                                  96af706852c01aae8047ddc1be363e0459b64a37a3a5d6b892ed70a0d10e612f5cd0a3ebde24f053b298cce362f359b2bef3baf420e2a9861de22cd4fb55fcde

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  12KB

                                  MD5

                                  30713dde80fcb849b597e947bd8f8752

                                  SHA1

                                  398794b624ecf1aa99a67fd50da2885085a17cfe

                                  SHA256

                                  f153b59c1d0cec0c8f66938ad69440e69a63c925858458f89b57a6fded8754b5

                                  SHA512

                                  cbe08b3266ef36e6ee2ab2e08ce259df88d8a1526de425d6d786ed0f1f61abe6598947e49da815817baef2a109befae10ade28904428edfdc78df4a17be56ffd

                                  Download Submit