Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://update-incom...

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-08-2023 05:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://update-income.info/in

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://update-income.info/in
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4964
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcff446f8,0x7ffdcff44708,0x7ffdcff44718
      2⤵
        PID:616
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:920
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        2⤵
          PID:2692
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
          2⤵
            PID:2408
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
            2⤵
              PID:3956
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
              2⤵
                PID:4916
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
                2⤵
                  PID:3704
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4444
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
                  2⤵
                    PID:3460
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                    2⤵
                      PID:2704
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
                      2⤵
                        PID:2156
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
                        2⤵
                          PID:924
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
                          2⤵
                            PID:4344
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
                            2⤵
                              PID:1396
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
                              2⤵
                                PID:4088
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
                                2⤵
                                  PID:4004
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
                                  2⤵
                                    PID:636
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15763149232688633701,1988537913626523917,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2608 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4556
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:1288
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:900

                                    Network

                                    MITRE ATT&CK Matrix

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      f6f47b83c67fe32ee32811d6611d269c

                                      SHA1

                                      b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

                                      SHA256

                                      ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

                                      SHA512

                                      6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                      Filesize

                                      20KB

                                      MD5

                                      3d8fb837c8955e6418258bf20d428098

                                      SHA1

                                      81f6b08da7bf258fe71e06fbdcda6bc31b401196

                                      SHA256

                                      c2e04505107f514612c7fa14570c0c47a9c45e9d8a0337639b51b5e7d06a708a

                                      SHA512

                                      024d80e7b997eb42726e77ce2a101687ff5dc5cccb5a738d242ced834a188334da6e8b90b845773eaf914d26e5edb3b4fd1462b431d8688adc6c4cb4520a44a6

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      d02cc8a191f92affefaf50c8a7ec9c42

                                      SHA1

                                      7435402e2c11b63cec6362d7deee98bfb10deca2

                                      SHA256

                                      dfd915edb0d382dec08b7a7dbe58e7b3390aa6f8459760f1638f0b01ed31f955

                                      SHA512

                                      cb48e61c6b6a1885275be06a9d5dbab93e6d7e83f4cbad1cc38de4d75c71c15eb9994020d03ab7399273acb017d0b26775472a4c88d8388958036d5edfb4c6ba

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      951B

                                      MD5

                                      16bab5d6c917da7c421c3e8ee2dd0b1a

                                      SHA1

                                      7eee44caf5040658b1cb02809abfd700745abeb5

                                      SHA256

                                      b7fc28b7f4a27c0a115563105978a79ae250511fd9dec38a98a96fbaca4b3e92

                                      SHA512

                                      b419ba73755444bd47b35d0e0b0203bf2e124877b2dcec13a73469f776df34082680d0acbbe23a49e8c17581502ad8b83cb67ca2e920051329974b569e77a17c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      8KB

                                      MD5

                                      04185b690afefa49811583f857e821bf

                                      SHA1

                                      a2b109ba9b514ad15bf7178e7e49743ccb8e8f54

                                      SHA256

                                      b64bfc55140fc9467721e2369587715b9642015689d7564e999dd725ae97fce9

                                      SHA512

                                      e1d9524b7f6f9b0e6453731bf4ae0fa79a501061dfd34f65905b2e27da648dd6ffdac7ba674b9ffc71af0f1f84497b9c075f39d8a58decfb3b2a5f8ec1a1fd62

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      8KB

                                      MD5

                                      74cab0d495ec03a206c3660bbaaf9072

                                      SHA1

                                      f9795afdbfe8fcc91c5b23bbc4cd913e71c92fb4

                                      SHA256

                                      6a3f28ccc2f523fe980b37c38bf291655f21a723c2d41470e63d0137eec27c43

                                      SHA512

                                      027d2fce2d214645eff43f00804be3a4b5c699df08eff4af142005f7ec4f9d2df5559066df20367d71ca221fbaaf9136fbda54b78729f091bd5626b0596c229c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      8KB

                                      MD5

                                      8db6416322c4a92d631e816c0cc8a8c8

                                      SHA1

                                      301f70f298c6ad10da89d693587accad50013700

                                      SHA256

                                      12ea1443330ced9828f120ad420a7b8395df1dc1802ccddbf49e2518937513b7

                                      SHA512

                                      518489491fe832a730b3f2696894ccf1f5567f6ae5b552e12de3f683a0124ecb0d8cac36c3505e8b20b9d314761c3908f1e14a3be70fae18322da6245d3fd3d9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      b25abf4a85ba1db470179d06fd3fe732

                                      SHA1

                                      8f94ed40eac611a36d0884b3274e22cbc275dcfe

                                      SHA256

                                      66ca16982c0253f1ed38bcc03574a946c28e6c78792240cfe1b095496ed850be

                                      SHA512

                                      7b6055826fbf7ba0bc3140b9748a18a18a0387f51f0394fb71276f69e9c3ebd5239d454ede9469c1456911c6a7076318a9cb2f3c79db55632a4fb418aeafae66

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      dbd6d5b6fd5d0dae432995154a133ea8

                                      SHA1

                                      a5b2582ff698d96730019cbe85101c37feb883e2

                                      SHA256

                                      18471acf8691096b80a7e959159f4453269204e3fb777527fa920500f38d20ce

                                      SHA512

                                      7543a7d592d1d665feb61a5c5bd0c6c4ec03ac2333eab3fbc1d3dc130f9ab3dc08f71c02218f89c832a387b428e4b7584c28cb234cbbf774d4ce65d99dd9a09a

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                      Filesize

                                      24KB

                                      MD5

                                      5544c64f2a8f49dabc19eb84267b1c9b

                                      SHA1

                                      c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

                                      SHA256

                                      a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

                                      SHA512

                                      38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      12KB

                                      MD5

                                      5f20ba3b75b2be191d81b012d7fe2499

                                      SHA1

                                      0ac8dbc817bd24b93e8d33ac18edcf9d93557660

                                      SHA256

                                      f5a05236c437b8b6c969d3afdf8182d461b53601ca93d05cefb641435ad18813

                                      SHA512

                                      61474f8c6d8fe685dc7efbb4678f8d8e1d33d6971e413f015b803dd193b8506eddf5c1db8610d937df03a590b5fda9d88cbb7056288855ddb86b8c90165b46e1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      13KB

                                      MD5

                                      aa48e85e3361599adec27f5ee575ddb9

                                      SHA1

                                      f2736cf514d28953c57b946d7da2422755a415c0

                                      SHA256

                                      1e26b34b547d7250b33503f8e83e245e38e06870291ab1d2386114e30fbe7dbb

                                      SHA512

                                      a1165ed82971cbbfd45c4d8f5499945f437d7f7444491425a64f6e4e335c56f33231e3d98ee1e88c5470c02c1e28445532e4309342c8eb1dfef7891ba977b2b6

                                      Download Submit