hxxps://www[.]linkedin[.]com/slink?code=eUEkmnjg

Analysis

max time kernel
2s
max time network
11s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2023, 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.linkedin.com/slink?code=eUEkmnjg

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 740	3056	msedge.exe	82
PID 3056 wrote to memory of 740	3056	msedge.exe	82
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4848	3056	msedge.exe	83
PID 3056 wrote to memory of 4700	3056	msedge.exe	84
PID 3056 wrote to memory of 4700	3056	msedge.exe	84
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86
PID 3056 wrote to memory of 4148	3056	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/slink?code=eUEkmnjg
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb06b146f8,0x7ffb06b14708,0x7ffb06b14718
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14537328098804423471,2196008130086485353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14537328098804423471,2196008130086485353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14537328098804423471,2196008130086485353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14537328098804423471,2196008130086485353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14537328098804423471,2196008130086485353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1b739a48-3006-4aa5-b690-ee4cfffae383.tmp

Filesize
5KB

MD5
93b00b057b306e2798d74f9d9280ddd6

SHA1
d935128a18222db202b17e4df336018d8bdf986a

SHA256
90f70cc25e2f364a873ef59f8d3101c5a536fb14151630b742183bbb037a1084

SHA512
f4e8ea29d825bb0b32fd21c9fb95cf776f44b80ee62d6d810123862985c183f3ff3d274fbb19221fc59537a75b4478003627aa4f35f816c71480d4c78f5853c2

Download Submit