Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://mgroupservice...

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-08-2023 08:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://mgroupservicespfs.com

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mgroupservicespfs.com
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4196
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb06b146f8,0x7ffb06b14708,0x7ffb06b14718
      2⤵
        PID:3788
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        2⤵
          PID:1412
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3028
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
          2⤵
            PID:2264
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
            2⤵
              PID:1812
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:3148
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
                2⤵
                  PID:3376
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
                  2⤵
                    PID:4992
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2644
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
                    2⤵
                      PID:2408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
                      2⤵
                        PID:1244
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
                        2⤵
                          PID:1580
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
                          2⤵
                            PID:4824
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15935799133760435317,13871138749381729699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5132 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2492
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4276
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1260

                            Network

                            MITRE ATT&CK Matrix

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              b950ebe404eda736e529f1b0a975e8db

                              SHA1

                              4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

                              SHA256

                              bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

                              SHA512

                              6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              216B

                              MD5

                              5137300e12407403584339395090b1d0

                              SHA1

                              8e0c43a5b901b32acb1af1e88881e49b417c06ea

                              SHA256

                              a9dd1e62a78b244fc22d473f3ebecb8c38c8e9c8510a133371b97d8f02de73b6

                              SHA512

                              cd0a93bad0b7638e37a1bfbb6b171700935435fa8b683ebcc3ebda9455aec20ce8c7880ef17cb707f5ac1107c3752445702b6a54293de1a03f6a24b88519ac90

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              144B

                              MD5

                              ec5936f36404a13be85175d771d7fd7a

                              SHA1

                              01b80d9e8f69b519be85fa3909f32cda54e28fb5

                              SHA256

                              52cceee2d3b0ae981bdaa439f8005404fb7de3a83b7bbf82167a5ec1f78f67c8

                              SHA512

                              95015d14bb2391cb3edfe7444c45ba97dea9bb44799ace80c8fb5901befc41603229bcbddccde5e4250c5102d3f8810673932a939d4a63cb6b4dd9057fd90a27

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              111B

                              MD5

                              285252a2f6327d41eab203dc2f402c67

                              SHA1

                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                              SHA256

                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                              SHA512

                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              1KB

                              MD5

                              167ab1281c1c1e671393b00aa93affa6

                              SHA1

                              e510cdb32249848d9efb9ff635fd3e96bf366aa0

                              SHA256

                              8e56e3d140d81132374b07d859723bc38e97fa072b7d135332142e356a9b3d31

                              SHA512

                              f3922f5b5b6a05cc86a5a4746bc0323be275dc0d7c7dc2c7cb49962a171a4e83a06933d7e275b290b9bf96c2d320e42cf540170a74efef91919d76b2c78c9442

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              f438b6ba62f849d00091d18a28323354

                              SHA1

                              274c4402ea06cccc897d9bdf0469946c1a54d043

                              SHA256

                              b482ee8408a7f65cd638ccbf4bae5201960b9a2bebcebad6e53171f9155813bd

                              SHA512

                              a64243157d8d7a47d10ec5e809e2bc2728faa1e1449dcc40b80148f79b35cfdcd36a5210396322cf45a482569e5bd1954e6417f57acfa6a7447fb483b4303ca9

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              a183f5d6c6a045879d0f7e2bda68d671

                              SHA1

                              65a719adad21c732afb65c3cb641dfa3c9865574

                              SHA256

                              a338b3c8386dd556532fa1e85b0262d0afb47fd00d88fddcfc4b233b924511c5

                              SHA512

                              751f35c78dccd00b4306da9c06e3d2bb4aa4eb311e35a5a0d7dae440bfb79c40b0061f38c2361e39c613d09fcc9d9bff085ae4b326a459687f9b707549b130f7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              ed1b1c985138fffc679126a722712e80

                              SHA1

                              b7ecedb25c174cd89933148cc5c05776ec2e96a1

                              SHA256

                              b553fd0cda87afc8ab545c9d4071e03ad8d3823403be45725777c08205a10b0e

                              SHA512

                              506cf14b2d2784b049cfff50429caca932bfe40983a2e6b3993b77a9d31c4239af365b2e268ccce0d1017a983da4a9b623aabd62aba5cf87f7d596b59f305637

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                              Filesize

                              24KB

                              MD5

                              ca36933e6dea7aa507a272121b34fdbb

                              SHA1

                              3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

                              SHA256

                              fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

                              SHA512

                              5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              872B

                              MD5

                              f152fd8706892df7749bd1dfb78b164c

                              SHA1

                              515a23efc540a0d5029620ecf402ebdfe15dad04

                              SHA256

                              c30fba06798e47cc6c7d55c8941a7328daae3c5f8724efa00467afc9b624df20

                              SHA512

                              d401f0a302677f1f6af7a8d26d9b2c80b80b463cb56d2c5bfa08b1d2c08622edd367033fc5e0cbc754b81b547b47679f45ff82e75867013f87bf8cb736a9ed41

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              872B

                              MD5

                              bd18b984feb4359a725684c4dffd4a2f

                              SHA1

                              0e9be90afe75f6868ee6ad9f862ab2a362f3b979

                              SHA256

                              77a688333ce4c408a5d164735bb48f60e71d31f48de19ca57b5bd7f7c83848cd

                              SHA512

                              771f142b25992d797024f991eca70fe80027e3dc050ee0295e26751deb844cdcc221fa6ffd65734a246deab745963bbbfd908a2315779de648613ca99390d9d6

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598e8a.TMP
                              Filesize

                              872B

                              MD5

                              d8d5d8d524c32e4d2e8aa2959b81ee90

                              SHA1

                              8a1119dcf613b5351f9c7d9c565d28cea9ef25a1

                              SHA256

                              1c04df02bd2c25a4c0cc7bffe4d6a3ad51e40d0a82ee3c57bd853635b83dc867

                              SHA512

                              a236fd29437eb596808550007a68b30dbae13abf0fe5eed88fddc67810af3dda5fb24cd22fe6ecab3e3f76f47a2d0afab46a2047515039471530ec291b5080d0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              12KB

                              MD5

                              9a37c1fe2aba6fab03e537fa1f912192

                              SHA1

                              deb93aa47b4d618bc39066c5b0c9ebc397f03f6f

                              SHA256

                              b22c1b851439085da527def2f9c7a8dcdfc6c073655b1a3ec4f88047e6a2e6ab

                              SHA512

                              0fdb2483b7fb6844fff01e0af6ebccfceeaf5f207fcf36301ec46650dd1a7bda5f0d625ffd6f84eed09bcfb19e12218e6de014b11255a408800c66a4dfcf0095

                              Download Submit