hxxps://rediurl937437[.]myclickfunnels[.]com/myg3083FDSJ

Analysis

max time kernel
73s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15/08/2023, 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rediurl937437.myclickfunnels.com/myg3083FDSJ

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
1008	msedge.exe
1008	msedge.exe
4672	identity_helper.exe
4672	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 1388	1008	msedge.exe	80
PID 1008 wrote to memory of 1388	1008	msedge.exe	80
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 2332	1008	msedge.exe	81
PID 1008 wrote to memory of 1368	1008	msedge.exe	83
PID 1008 wrote to memory of 1368	1008	msedge.exe	83
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82
PID 1008 wrote to memory of 4796	1008	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rediurl937437.myclickfunnels.com/myg3083FDSJ
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffc6bea46f8,0x7ffc6bea4708,0x7ffc6bea4718
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16005289920928084055,190038357801690675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
ae7492232a7c42dd9a4ce18cf790471c

SHA1
241ecf2198ecdbf17f940c88bc872e93e8ff4f1b

SHA256
c0869c45c95ea8615ca6ea20404d33a6c2a4e29d9d9a31c9e0b5e1975a3c772b

SHA512
474a2903ff2b2c944fcc82cb4e0bb06aed148e29378d389127cfa1c7e34cc700edc97b9d8f63d34f4a7dc15cc0297fe3ced39c2c8639aa7f6954d33b63fc92ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
adbade724a20e3e1771be7cec7a46a44

SHA1
a61f38e5633525ea83f83d8e908911bd3a178e17

SHA256
417df0cb0043ec2cd73aeb1ed6bfa8d72d5749975a3eee832a6e69f8037e7f86

SHA512
b2b6d31babaee9b4af0cb03526c5761f900ce6a71fa2b156a7c578bb1bc7ca5b7104f572d491cb8c7e6cfd8d048b4da91be65cda31922b892847848b15c7610f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fdd49d3130046777e43d03b8a559adfe

SHA1
e9084d4f01417f7f4cda4c2b8bd9c0da243270c8

SHA256
6f768d812bca03224d139496d3982475641ec7da844cada6e2fc35592baa9913

SHA512
32953eefa6dfdb1235e41234ae7514a502bd02a2e2a0e597fffd256b75486c910b5a42af334a94d0b4aaafcd8cb7b99855505d94bcc994e2225cf2080791a64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
257adf9f778939643880f8b74170a28d

SHA1
a453822abb5d7b48a26e5ca549ceb21ee934f31f

SHA256
c5cc85ffdc728b58eaf619e4bfdf6806159c22e61469e5f67d5b138720671ab1

SHA512
303a1b61cccbef9feaba24c91d20aedccb411eb7b5d6cf012b625eb9b623d7da75615096cef3863177e34aa2ce3f12e98af69be9a017196ef0ac061975ea8f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a2d885bf5f4cc95fea7168fcd7888d09

SHA1
74fe303226dfd1cd86aada2ab46547903f63bb46

SHA256
0086486d92f88f7102f1773a761c1755d6023f443faab84434bcbb4bbf622400

SHA512
a19032ab5c44dd81b7432df891599c2da6199b485ae007b9decea474a91dc651b7d5fd21c158e786b7857b751c89f36a22076124ef1e6578f2562705b5893bc5

Download Submit