hxxp://myato-secure[.]com

Analysis

max time kernel
21s
max time network
25s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2023, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://myato-secure.com

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
664	msedge.exe
664	msedge.exe
4992	identity_helper.exe
4992	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe
664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 664 wrote to memory of 5104	664	msedge.exe	84
PID 664 wrote to memory of 5104	664	msedge.exe	84
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 1016	664	msedge.exe	85
PID 664 wrote to memory of 2700	664	msedge.exe	86
PID 664 wrote to memory of 2700	664	msedge.exe	86
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87
PID 664 wrote to memory of 4936	664	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://myato-secure.com
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff8ce9d46f8,0x7ff8ce9d4708,0x7ff8ce9d4718
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10182313450192397077,2971758738084094107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
8548843423a62f364da4d2a4abe8b5f6

SHA1
a355947412f8d0463b02c535576b7b5f24b04eee

SHA256
60e9296e65bfa7650a6a05f82f674162e7f722843fd7236d67e448fb9213d7fa

SHA512
4ee7da80235ce3de5fafe9382a8bd92206e5e1327f9d022937dc73a3ee058d5f0ed1a33cdab5bc2c617fd8b5faa2ba52c9b930c1f6933dbb64a4a870791f2312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f64d517209e8e9612912b0d7d7a7853

SHA1
4912aaa547735c1ba3e9065e7d17faf70e2ad910

SHA256
121998d053a2b7d88a2577026cc2220b8b384230e118fab42bac91290d5b3043

SHA512
eedebe58863e51834b9fbff4ff94636fae748608ded5c285dbcf25941c4f7eb95732b7c42cdfd5d83346576a0e11e004e46fa26685e9142e6848610b31bd5ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9dbbeca2990d00881b720b3929aef517

SHA1
c03c8985397c74bc00da71d55e7cd1aaa8a487ba

SHA256
ff5af601e6725219329536e7574f5b1267a4e9664db25b32444021ab36399fdc

SHA512
b3c2e19854149fd2f0ad982433461162653a0d18d2d32b2656314990149606c1e2cd3a74a2f01fda76a2420b5b227dd5594ac4e695af12a277c8837b3a91ce33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7670ad15e83bde3ee4bec7c5643d23cd

SHA1
7f48b1322aba1a4720e87d9004b43298070e8728

SHA256
745f4dc913ebd1a8307178fa6ced79a8da3ae6cfc6a71e3a7e11c1207c512d13

SHA512
ba075f40f99cfb8cae0161bb721e414e74d6821a54f06b8049c3849a5725fb619eb686ec9062dbbecc460c6ddd8662f29a92c8107a54c2ce3153c969e69cc21d

Download Submit