hxxp://mygov-client-portal[.]com

Analysis

max time kernel
6s
max time network
15s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/08/2023, 23:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://mygov-client-portal.com

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 2584	1112	msedge.exe	46
PID 1112 wrote to memory of 2584	1112	msedge.exe	46
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 1692	1112	msedge.exe	85
PID 1112 wrote to memory of 4676	1112	msedge.exe	86
PID 1112 wrote to memory of 4676	1112	msedge.exe	86
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88
PID 1112 wrote to memory of 3324	1112	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mygov-client-portal.com
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8233e46f8,0x7ff8233e4708,0x7ff8233e4718
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13699358626455523363,18151978730613744754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13699358626455523363,18151978730613744754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13699358626455523363,18151978730613744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13699358626455523363,18151978730613744754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13699358626455523363,18151978730613744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13699358626455523363,18151978730613744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13699358626455523363,18151978730613744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13699358626455523363,18151978730613744754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5f5369274e3bfbc449588bbb57bd383

SHA1
58bb46d57bd70c1c0bcbad619353cbe185f34c3b

SHA256
4190bd2ec2c0c65a2b8b97782cd3ae1d6cead80242f3595f06ebc6648c3e3464

SHA512
04a3816af6c5a335cde99d97019a3f68ade65eba70e4667c4d7dd78f78910481549f1dad23a46ccf9efa2e25c6e7a7c78c592b6ace951e1aab106ba06a10fcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a140a8deb5a810a8d6ced5e9bcf13d64

SHA1
3ef4e4b28145b1429bb1167849513b3fbd6f4d29

SHA256
061c3221e0bb67881dc5f17cd32e6b5fc54c48c17e5e20213a1747d1f4652a68

SHA512
34c7792f3a17e83f7456124831bb92b7ac1319c83ab2c1dd8b4dffdfb55c6ccf257427056bda9ebfae8f45ce1217417af8ef8755c0f585005281ca42201bf873

Download Submit