hxxp://mycharthoagconnect[.]com

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2023, 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mycharthoagconnect.com

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1108	msedge.exe
1108	msedge.exe
2496	identity_helper.exe
2496	identity_helper.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe
1108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 384	1108	msedge.exe	82
PID 1108 wrote to memory of 384	1108	msedge.exe	82
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 4460	1108	msedge.exe	83
PID 1108 wrote to memory of 1188	1108	msedge.exe	84
PID 1108 wrote to memory of 1188	1108	msedge.exe	84
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85
PID 1108 wrote to memory of 3956	1108	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mycharthoagconnect.com
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf5b546f8,0x7ffcf5b54708,0x7ffcf5b54718
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12281656493193380720,16492244850389007550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6239e2f2-7152-4426-a00d-7f7f8e0fbec5.tmp

Filesize
6KB

MD5
51d042e20ad89fbb388c1f7dc7ba00f0

SHA1
c5cb88763c61fcefc64c217598a9677cca38a282

SHA256
7f8e778c01df558c8f48951d2c9075503dadd7554fbefac50f6eafdbd2c4ea36

SHA512
4d205ff9950d07720acfb3515cd16b297d9ae5e4f594a63e43842917fbec49cf0a300f9fbc0e70aa7d14f9a96118db3a8c9f3316a9f2eeec90461f0187a1f78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
5e9ba4c41fc6f38cda47a44ecb264b15

SHA1
a14a03798749457e426a75e649ce4fbddbb2ba88

SHA256
82f5500b8228250d8d4d5ec198c19fc86002c4f511ed94802cb164045bf2547b

SHA512
628fd7c84b43a043a8ba2bc205b1ce20ee46526cfa72e343ced32aa895eab029b591a46a37e3e508951c1cdc22b0206d8ff4737ae39c8a70e0c19b1c4975c91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
804B

MD5
9d5f72cf57a0310dd38962d2b8adc386

SHA1
c2ff74b1626bd4d5af4e1e080fc802aa87fbb34f

SHA256
0e43db8f61f7453d9a9fe8ec3643f83e52c960f5e678e0d7bac30762be333980

SHA512
7ef8984df3cebc1e22d508698d2aa53f2127ae2bedea8e506fa10800986ca1a16f9e56fb8ef241415d753cd5bdfa63366565df7e220fde5e4fdcb1cb400d9ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5a02ad25ad5a0139bca5e89cd3ef124

SHA1
c8e6708848b3cc41c9c65855e28975d60c27ed98

SHA256
402d46b6ab8f65935ffd819638da44c6f2184a60ce8bfc22afa83ad087fc1206

SHA512
5da995aad1bbf16bc58643e7bf52700214f3414489899c8d498cbdd6c5c0769b974e51b32b66a42a2899bf64e272ed7be96163f614b766bfb2efb22b93099f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ebe1a6bfddef58f8ea8b6fc7c2246d08

SHA1
f5ad4f90793d0d89721e31617656a288d133cbd9

SHA256
545a294237c46f9fe46fea52ac91ef74c385d8a221a579016a7945bee2803920

SHA512
ecb80bf88c27e78007494738268dacaa54370cc6ece55008c4bf3f88bf60d87284aca9d717ed9a1fc07a2bf81a04bc46c30828f929fa482361c78d699b583374

Download Submit