Analysis
-
max time kernel
196s -
max time network
206s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
07/08/2023, 11:53
General
-
Target
https://ynotlook.com/eurocity-train-zurich-lugano-2nd-class/?utm_campaign=9LxaIa0BIw&utm_medium=group&utm_content=placement&utm_term=keyword&fbclid&fbpixel
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ynotlook.com/eurocity-train-zurich-lugano-2nd-class/?utm_campaign=9LxaIa0BIw&utm_medium=group&utm_content=placement&utm_term=keyword&fbclid&fbpixel1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b76546f8,0x7ff9b7654708,0x7ff9b76547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17239905754739938854,7560997904068324277,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6064 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD570e2e6954b953053c0c4f3b6e6ad9330
SHA1cb61ba67b3bffa1d833bb85cc9547669ec46f62f
SHA256f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4
SHA512eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a
-
Filesize
792B
MD5f1f4a9d95d2e77330fbbd8f3611ca3ee
SHA1e4f6f477fd0e2b73e80570280cfeb259e3da9ad5
SHA256cc165b4c0ad4b4767d898dcc5300087796d7753859d8bd41b4cabd342beec8b8
SHA5127dfa3e45e52b691ff1f51658b124833648934c0be3ec5b289c2a5f7e018141bd2edec104cd01b0b581503c9c91add0c617fec59767e0cb9b901a93ba450204ef
-
Filesize
2KB
MD54c2516c25ecc81f2b570c0c4a7c79d37
SHA12f65618742deb12008a584b1ae52f8c66f225529
SHA25648de2d6af9383f2aa339e034f1908c6837ccca23cb8a480a88a1d72024c9b561
SHA512fbcb971527032c394ea0d413866655e2a23cbde8607994651929ad3a636793864ebd81fe67f5608e30bf51267b500c9685822b0cd280460bc817a55306d1d210
-
Filesize
2KB
MD5bb14fcdb0cb784106d793a7d6a117dba
SHA186263befb00761d52d4a1d397de17ed9bd18f0d6
SHA256415ac0fcab1ec1c8c48f89dbc7a6d122cff221b6baa89ed536e2f473818f0f1f
SHA512b1036633f9728c540c1b2864d563782358aa0fc1c41b06e2932fc60d69ada895b91025536589c8915e97bfbbd02d898f1e4b01a7e4d5c839f9073a065a387307
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD578c42d67f3cada5ec90a932b6b81cc7e
SHA1db2993a1a4624bef42cd0f690cdcaa141440797a
SHA2568d432776534cd633626c14dc2cce895aac2a31fe3a976dbd27f2b65e137b8c1d
SHA5126f8d13d591e3498942387b92e7506f9ed9c6f6fe73bfe4d393a78ea1bfdb4c5ee6c2f8e81f160e642471a3e4ac4220582d10537866b15e5f8a7b7802b4f3b1f8
-
Filesize
5KB
MD50333dc482b4d56f74b2dc710d3ad5ad0
SHA18df571039bdb6b6c29e590db34856cb236c7f4a8
SHA25604f9d5a6097aa53156d87c37b67237f0fbd1857c82203cba73ae0e6b241d4af9
SHA512261287f4907d70eab9442520801e82f0a5608a1cdfbc9e9a823f1bc9548f7cf4a6e1757caf11f3085e009f9bdc350e2b84e7ca5666120d46e20702257ba55fd4
-
Filesize
6KB
MD5524c50dd2431c3fcd66fe20748f54441
SHA1791254c037ba38a5a1668ab4540e57139d14b9cc
SHA2560ba4ccbd9c4e21e487811a3dcea2f99f61bc959303bb8fc8213b2f1475daa19e
SHA512213c8e6ef7be5daaf5ada866a9f0f368974e2a013d116cc4277be7e5a590a5021bfb8f96fec81607ff17bc416cbf7eb6e3d0e5fa8615361fcf7fc3386b80762f
-
Filesize
24KB
MD55a478f1e08816969e8214f982850b754
SHA11cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c
SHA256665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489
SHA5127e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832
-
Filesize
873B
MD5c3538c77455ca4e2458f304a46cdeccc
SHA1ed5331df50c1c8f9cced6739d329a64b0eaf91bc
SHA256700a1ab33bfbb1a97dde50ad4c6bdd0c48f3d15b0534f0a3584b30ffd808f0f0
SHA51267f737fba65266212053f141829da83c1ad3a40cd3a3e78d081f8a1de9a1d11dc5b918fef09a94c13f8f8ef444235b529d4e96641455907bc0c5d3583bae921d
-
Filesize
873B
MD5acdf1f6145bc94abf8022f862c6185c1
SHA15bd7569093bdee5b24ca37b186e8b61bb73dbd79
SHA256887ed144b7c92c53714d550644f53fb583afea8f1c7dc4d8081830960b2500ea
SHA5123c910d142dd2dfcd1ee07bb274ebf83b744dec14e9dfbec536fb4fe6471401be2a612d61151fd6009eca0c0e8a285496049df3896ba4990bb6b7438bbe171296
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD53760bab09adf5d93909655a4a31eae4d
SHA1552d0336bf51bb052ba50e2aa541e422e187cb0f
SHA25671320a608200dac0dda3067879e4941a4abba18a6840c640f538226c9becdecb
SHA5122b240034573777eea1064b8f59da5787c3e614f7e994490f594332708afff6e19ea7b9fddda63506ce7949f01efd78c2188ede249f565fd49d12d7c0f1f70377