hxxp://encroachsnortvarnish[.]com/fyxndedtn6?xfgvg=10&refer=https%3A%2F%2Fgokutv[.]me%2Finsidious-the-red-door-2023-hd%2F&kw=%5B%22insidious%22%2C%22the%22%2C%22red%22%2C%22door%22%2C%222023%22%2C%22movie%22%2C%22streaming%22%2C%22watch%22%2C%22online%22%2C%22on%22%2C%22goku%22%5D&key=5451e3b03f99f5f24a7f6dab62ee68c9&scrWidth=820&scrHeight=1180&tz=-4&v=23[.]8[.]v[.]1&ship=&sub3=invoke_layer&res=14[.]1781&dev=e&adb=n&uuid=b369f7db-fe95-4274-b016-44c4465f3b7c%3A1%3A1&adb=n

Analysis

max time kernel
77s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2023, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://encroachsnortvarnish.com/fyxndedtn6?xfgvg=10&refer=https%3A%2F%2Fgokutv.me%2Finsidious-the-red-door-2023-hd%2F&kw=%5B%22insidious%22%2C%22the%22%2C%22red%22%2C%22door%22%2C%222023%22%2C%22movie%22%2C%22streaming%22%2C%22watch%22%2C%22online%22%2C%22on%22%2C%22goku%22%5D&key=5451e3b03f99f5f24a7f6dab62ee68c9&scrWidth=820&scrHeight=1180&tz=-4&v=23.8.v.1&ship=&sub3=invoke_layer&res=14.1781&dev=e&adb=n&uuid=b369f7db-fe95-4274-b016-44c4465f3b7c%3A1%3A1&adb=n

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3836	msedge.exe
3836	msedge.exe
4948	identity_helper.exe
4948	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 4620	3836	msedge.exe	81
PID 3836 wrote to memory of 4620	3836	msedge.exe	81
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 2256	3836	msedge.exe	84
PID 3836 wrote to memory of 3696	3836	msedge.exe	83
PID 3836 wrote to memory of 3696	3836	msedge.exe	83
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85
PID 3836 wrote to memory of 1592	3836	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://encroachsnortvarnish.com/fyxndedtn6?xfgvg=10&refer=https%3A%2F%2Fgokutv.me%2Finsidious-the-red-door-2023-hd%2F&kw=%5B%22insidious%22%2C%22the%22%2C%22red%22%2C%22door%22%2C%222023%22%2C%22movie%22%2C%22streaming%22%2C%22watch%22%2C%22online%22%2C%22on%22%2C%22goku%22%5D&key=5451e3b03f99f5f24a7f6dab62ee68c9&scrWidth=820&scrHeight=1180&tz=-4&v=23.8.v.1&ship=&sub3=invoke_layer&res=14.1781&dev=e&adb=n&uuid=b369f7db-fe95-4274-b016-44c4465f3b7c%3A1%3A1&adb=n
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe4d046f8,0x7fffe4d04708,0x7fffe4d04718
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 /prefetch:2
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2736026407417047367,3433258510421088491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7ca56d9c-817a-42fc-b2b2-c6faaa441dcd.tmp

Filesize
12KB

MD5
132e1c88820e7b41c469bf9b0b95d4d6

SHA1
46e7a336e30aabccc4dda883a96457363ac6c6a4

SHA256
2272cf87d76b97b8c0346ea2db8065a2e5a2263f21c99cb3b387c7e5818ee3a6

SHA512
8cbd8e1eb1592106b154d9aeff3830b56c908e7db35dfef4a7c31245b8690669f6b68609bf7015145edfd4ad990d670cdfd44c60675b7122ddec9ef95fa9f280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
e03a5e58a9449e87cf88e9dab383a165

SHA1
50a76c08cf081b926777ed8ac8d5bc18a464a369

SHA256
62a2b5e003bf4c0c0cb8595d522ed75066c543945f8544636ef2bc6fae283c7b

SHA512
617da2a5ae2f3a27f4858e9752f6ab2f29a818995cf5edaa046733a463ce6057e4cbcff5ed22093c94f9ab126313746269a3924b62444c7c8adde036e50982a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
410B

MD5
be23251d474bc856f8bb2a1df8481290

SHA1
13774a2b564defa000562fddaa8b5b293dea64f6

SHA256
1fbc03beb479703f19e970cd6c9dae68cb055c246d9e8ac986d3bd948695717c

SHA512
2ff9dd03b1debc53daab30834ed37d644944b195b2cb185e395799a07041779136cca80ebb38799948be75017454e22822481cbe919255ee27185a495220c8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b99aad29b214859e07b4f1a9b0f7dac4

SHA1
da74b1a1beeb86ba5ab27f2485d37cefff2b1c30

SHA256
82f31629dd02bf62f14cc88601b0ea46cf2f88fbcddb102909128d592f63f730

SHA512
73dba3913fb2d4ace59b8a4aa020362d09dd2d6d39e2529d095ef3434072038efc38b9711eeacaf420f018d1d3ec871e0d99466249c78d3fba17088620094506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1229dfc26a352c15e9e8b31eac5532d8

SHA1
e0bb5a6679851ee91f9f7425697e70ae7affa1cd

SHA256
4a126ec778f8806d441ab7f01d42f1788fb5b8566812a64cc81a5448cacc088e

SHA512
e442e909143e817a6b0783222cb6daa41df8daa7606f6c4ecfb46db706cb8467d467ac259458839ed7d6a00ffe4f216f28265368b3db533d9e0fa57f410c04c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a425b2d4cda52829913a72b58227a2f4

SHA1
af4a7f4a25ae007df24bbacafe2419368dabd1cc

SHA256
07c66e7ef6a1404558979307556d710bcb5524e7c6505bf7a41c5b46fa5359fd

SHA512
7604787721016fa8e80ec2b415a82e25425be08a2325cb77af800af5a48d1f6d0099c3557af5d9a1ff7d81d1e43a0bfdb27b2865d62fcf8bfc529391ae45ef96

Download Submit