Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://yotube.com

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-08-2023 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://yotube.com

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://yotube.com
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3932
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ef9146f8,0x7ff8ef914708,0x7ff8ef914718
      2⤵
        PID:2172
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        2⤵
          PID:2092
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4012
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
          2⤵
            PID:848
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
            2⤵
              PID:4764
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:4828
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
                2⤵
                  PID:2972
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
                  2⤵
                    PID:3440
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
                    2⤵
                      PID:1532
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
                      2⤵
                        PID:1448
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
                        2⤵
                          PID:4392
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
                          2⤵
                            PID:3400
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2948
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
                            2⤵
                              PID:208
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
                              2⤵
                                PID:652
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17376844096647357221,7003319938894030593,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:5004
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2536
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2548

                                Network

                                MITRE ATT&CK Matrix

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  fc99b0086d7714fd471ed4acc862ccc0

                                  SHA1

                                  39a3c43c97f778d67413a023d66e8e930d0e2314

                                  SHA256

                                  45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

                                  SHA512

                                  c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                  Filesize

                                  96B

                                  MD5

                                  278e146c075541d41b6df1a2ec46e189

                                  SHA1

                                  d05ca99cf280eb2f558929050b4c12067d178ccb

                                  SHA256

                                  7aa431c53d3887de02fb96274c3d60499ac78b398d8338077065bcc1598a0041

                                  SHA512

                                  935c505e059bdc28beb0b970249b51f0d839e4325bf921969d0dcd430f52d2980ae1e384a727fe1bdff313a6ddf7fcce964fbe4b52e9409708c66fe88ee57413

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  111B

                                  MD5

                                  285252a2f6327d41eab203dc2f402c67

                                  SHA1

                                  acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                  SHA256

                                  5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                  SHA512

                                  11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  183B

                                  MD5

                                  9e1275231d0007b3a42906cdadb34ea6

                                  SHA1

                                  de552221fd88afa25f6cdeceed2c825d4b40e41e

                                  SHA256

                                  3ac46af51f438f21927049f96db54e3060b81606bc3c1acfae0e125ac5c530e8

                                  SHA512

                                  5db406df1b09a4bc46c299deb653b949ab1dc6701977c5d964d1969333ea620585a5773ab3557ca87d19d18727e040a38285aca132828ff3491bb40a1dbee521

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  e87947da19c12ec48b0b2ddb7bdeef51

                                  SHA1

                                  e2b249da951aac26bc6046fd6c83b9ee7c957539

                                  SHA256

                                  d381bcbfe601492d207a9597640bccc0995d46e913a022da8d42ca600ccf9d91

                                  SHA512

                                  7baea657a0e68f386df016ec71a5f0e72c2c957ff1eb224ced762ae6998c97099d7420f85a94392b4b4cf0c9c8e704ddd9cdac838de55805dca0668f6d1874a9

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  793d005952cefb4ad212eb8e22c47d4f

                                  SHA1

                                  cfcf8edda82cb5fb164414a32d9eb646793c7e90

                                  SHA256

                                  a79f989dc18f51313ffda6dd1f312459b94ce00d8983e500b74ed14169c1404d

                                  SHA512

                                  b60d84852f50c9e103793d930fea4b27df3791e17d58fa68dd7364ad89e7d0403054b311798029d27cfacb9917c0f8cc4f62756b9efb71f9e42bb7d6b6f3f709

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                  Filesize

                                  24KB

                                  MD5

                                  96f00bbd6a174879c58220f95f0115f5

                                  SHA1

                                  d3d7f82b0bf27daf1b3903bfe050c2d05422050f

                                  SHA256

                                  644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

                                  SHA512

                                  e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                  Filesize

                                  96B

                                  MD5

                                  188040ffcb45bac654b033b27b20fb8d

                                  SHA1

                                  f59b5507cb063a4d0615320a45cae3f1da0b94d7

                                  SHA256

                                  6b6a4f8bd74c0289becc7e2e2deb25998c3e676c6a152e4bdcc97c9464f395f7

                                  SHA512

                                  e0f19502ad2061c24bbea34ba12b87216268fb71fa3a4534f466c75158373c49aa6d25e88303758a2139c2dac7f0b1e47f9dc71b1e59c5450a559dccfa90c08a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dc46.TMP
                                  Filesize

                                  48B

                                  MD5

                                  f9dcd2037e09f206f2c6dce8c5a47194

                                  SHA1

                                  f4c208eb116fa59e1b11fcf4858beac28b52a109

                                  SHA256

                                  2a7f20ff91c5c858b986b17f29f2e2eec500a32aa4c9d35a7927e03d5b02519c

                                  SHA512

                                  ea396aca5c9eae2aa9dfe4e10ac7387e42d804167c4ace05e21bd7d36d1fa79ae8380851547d4ef6e7b7e1c07a4fe97eb640a4eb1efd8a61357dd6b10534ffc6

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  12KB

                                  MD5

                                  f4c623f3dc1527c1d6d74b5c13275224

                                  SHA1

                                  70ec2c32eb8acfc36fac7de67510e7a33158fff6

                                  SHA256

                                  8d523e14d8e9520e92092d211ab0d84dd7e3c7ef45da3e084f6488d84e6b8b9d

                                  SHA512

                                  b23ba320e9231453cf4b326d48d305a948d6be52576c0c9d46103e46149b3132eb275f0da428583da3b95bc07350aa342b4cfc6f4c09552e58c43d42107d292a

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  12KB

                                  MD5

                                  478828ba3b1e0805ad9b15864b60ad88

                                  SHA1

                                  3f74be5bf232987387f94e87d61eab0f822a005d

                                  SHA256

                                  a801fb217f2625cbedcb026e275b79b957282d23b95079a75348f7a1b371f463

                                  SHA512

                                  131008bbcd9a91295204b3c6b7ccbaf112514ac3920a3a41502c62c6351e83336ad3abdc4569d97f8d8069825b28ada64d7e9ee8a17ebef7f7fa453f10d329bb

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  12KB

                                  MD5

                                  de59ef2789a11d64561ce60fba75beae

                                  SHA1

                                  7a6e84b8ef1a11b955c61aefb6bc685c69d08c4f

                                  SHA256

                                  8ef6b85cb3c1c3aa2460415dfebaedf5ceb022bfaec49ee24d91a6db94326076

                                  SHA512

                                  fa8424fff26108b61f8b02ec2a300f92540ab73dae50c7ee4c8563dd31d26ea38836a28bc0235411f8c6b27ec95052fbfc2aebf33d5be500516c12bc07f1638b

                                  Download Submit