Analysis
-
max time kernel
105s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
18/08/2023, 15:27
General
-
Target
🖨Invoice 10846.htm
-
Size
2KB
-
MD5
ec5559b81d5e62b4e3fe8d7a8771f05f
-
SHA1
83471ee24d3193bb60ee781b9dc63a9e0417e762
-
SHA256
2b344616d67527a2b67fa9c34ec18b2becd26045e87d34a79e5f9b9e7f09e44e
-
SHA512
08ba9a153ec1f577712496f4c31f87fb508133f4030c8a4dded617d5f1c1c440fcca039827f35df067513f2d83aa98ea4520928ae72346d1c15c0f5960bf763c
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\🖨Invoice 10846.htm"1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8377d46f8,0x7ff8377d4708,0x7ff8377d47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,509956246598469108,13690156565321063482,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
717B
MD560fe01df86be2e5331b0cdbe86165686
SHA12a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23
-
Filesize
300B
MD5dec6bbe308eb44937f77160a25ee32db
SHA18f08a4b641b564b67205e00106ca6bd9ca46fc6e
SHA25668a71de28f488586c2b169f4652347e0a1fd632d48a6d6725393607bfa18bc7e
SHA5126c2d684af52588cfd34a682337749b829c2336b34d6add7e8bd6e0c641862c26889617b4d6e9f298fd177b89527deb696c493a205ea8490bb8aee60090a68475
-
Filesize
1KB
MD5cc51781ed4bd7da62b70224a52fe7b7b
SHA14824a772273eeca304e06371561d3cff6d2adc1b
SHA2563ae561f0f347b8bca55692cdb44003b9f5ee00928cce18d67541113fabf1f079
SHA5120645f45cb3baffd8281dd2d2affce58904c40120c9aaab339ff4f01c078c63e15f8a47299515576d6f70c7fc28a931b254c044639983938686525c5e1b3dce8f
-
Filesize
471B
MD5fff32241303f52b2c16e88871057f963
SHA1fda855335c975e5e7b30778787efabe62ea0c125
SHA256179a0d57914efccb57517bad1abe541d4ce2a1495cae2231f34896f4a246ba3a
SHA512914ac38cb8c6ca0f65297ce85f970ab3b0a4f024d712338dca0c506239da5317aaf7e596cb171978c89850e5f5efad634547786249963c08f468ec396e9b848a
-
Filesize
1KB
MD5ed31f81f7d7364312f450fa1cd268294
SHA1c2b48bde6d33486e843ce3bf509ff5d6f1544acb
SHA25697577c56f37a2514bf3d82a40483380382b8810ceeccd96353d548ca732ab766
SHA512a324eb456c94234e26d1b3456d176d1199283454811f75095af96d7f1ed49b324c680859925a2f97b8839da1ef47c1b71f6301b0ad0657b1de619075f79bf8a0
-
Filesize
192B
MD5e492f35273aa491fbb9afb72774d92fd
SHA144049ce98da4d3effc59f33c87cfd0ab674fafc0
SHA2566578d6f97ca8d743955fc5743962190e059fe1820dccaf20c95fa35970602b80
SHA5122def8ab20d9eef76121a3103c543b205ed2820452656393f630f431028656fa3ec3e6a7797cd2b042cc50bb74660ea0cbbe5b88e15bd7716769f35f268f67828
-
Filesize
192B
MD5173871962ff17a45d0a71be567f9c131
SHA182d93fc7999c9d8a77b604c9c2242658621683b2
SHA256db239d85788477e152ff3e55e025aa0526dd3347b3a5d878466a52fc5a1a3f9d
SHA512ee021e90f4faaba0ec8ed7472cb79644d5f5a7fc5e377c99f7aa5e55837c432bd81e889fc64efb22000d659efadb668acf83cf93f4a66bee31e4309e8f784e04
-
Filesize
408B
MD58743d6bdb6fdf0586cff4f49d1781e5c
SHA185bd57f19087d058f5f549b76c6eb1b9e608a261
SHA256d9dd9be0f6393db86f77d96fac12e527316c60b4f7f72554da1c44b47867b655
SHA5129fedd705b48101259a698bf459cc3b525f2025f71fc2fb1cb616ee9cb1ba8a676bd41919eb04389c1cd01ac11b1408de425de6f619128eb517f8ccc12f45dd38
-
Filesize
404B
MD5401aa2bef3464950da5f295f898a78fa
SHA1607a1b05fd53f32c9b42ac8c0f1cc57cda655e7a
SHA2568e8ea6e787e3ffa0a8b177980f5aefd7ca6d9d36f2b7c27adf57fa7281a7d0f9
SHA5122c019b4d260516f4ab536d8e3bac9ad7701bf6d041069e519fd4882869742c916cdfd0772af56b0981b3661c9f7c973bb6b228aee369482370ea27621db0092b
-
Filesize
518B
MD5f8693df189901a76cc76e9557379e76b
SHA18c0761db195bd8a2046d8f217be69a3c05f7310e
SHA2561e13249bf9821679ee19295d7f3804a93aee7c7f6489b5074345639f46e24c88
SHA512aba111f3d01926af19ae379fe529c87c737c9ad1db5692d28d861e7ef7cb66c2ca03e3b3771acf001919685cc3eca3644c2064769425d70a3e5b2447e9fc51d5
-
Filesize
152B
MD570e2e6954b953053c0c4f3b6e6ad9330
SHA1cb61ba67b3bffa1d833bb85cc9547669ec46f62f
SHA256f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4
SHA512eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a
-
Filesize
192B
MD543c68fcb151a5e5f37656a91afe03110
SHA184b0dd2ed7c0c50f198249e692b012b8e5d926d2
SHA2567e381d45f45b246ca46068c1097656b3a2cb7b1adb29f65cc5541eaaa1be6270
SHA51251b869e17e4dd3624af0e8fdbb3920b7828764832c76407443ad0333e03c2d6cca6ccd4f1fa754349c0eedf8576041211b6d2434a21619065e01475477f12009
-
Filesize
144B
MD59b402061125ed11d2b73fba9574205c9
SHA186aaecfa5b8899a79899d896172828955ae06554
SHA256d625d939da756faa5310e7ee7200d47449734e6bc6bd744eb748372d4a2e8dd5
SHA5125cd2ecf874a371de5f5e708602d972b52eadc4659ed5fff3dd5f3f01ac3f49642a375875e456073ef8f9ffa1fe516e6d87bb6058656ee42e9ed05bce0ff90213
-
Filesize
834B
MD54d44abe2bdaad0c280046ebbd5d1d0fc
SHA17fbde9c48dc341da99a060361219c1ef6ba25879
SHA2561d4c99d693d418904ef8fde81320984d65c13647001079d015da9a2668a46736
SHA512be11f58fd28df02b75ac98afd7640d0b642718b1585cd1cac638eaca9af1fc13f5e4609e2bd0dbe84b3a6ba6f8c98268f63327a5b41d25dea0abae94ad3a59e2
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5b216e97d0e3525334ab44b5d82129d68
SHA17a9975cc9870de0862a5f748fce7babdebe745ac
SHA2565363d7f44360fe88605a8012fa75a14798deae20c5acaa58bd1d6ff0db837064
SHA51229af57987b6b85d8ba1828ca8a486dc5ead50f2ea9e6ce860153a21072d5fcd52f52575200bb8cc7cde11c74f00020084ecffd8e19a660695392718043deae47
-
Filesize
5KB
MD5a36b8a76de063bed2ecc4ddf29f48bd0
SHA12219da42d206b5eacf87d2ddb4e92332aa40f789
SHA256297cf465f01e2cfe0eaab0530bb46a62ff6fc61550be520a4ec945b82fe7849b
SHA5127cd3e1b60ba2bf7d0a89bd6be155fc20cafb912b8c6512e45b0163b0d6c56017000a2e866794e41733b4d9088d586387366b8f67c95c08b19cd1efc153b522f6
-
Filesize
5KB
MD52f43ed117a453466b637f52d8b3bc3dc
SHA1a75bf6230ed6011bb9feae3302d7e5d23b3656e1
SHA2565f308206f81f6e067333e03d21bb1f9b3153ee2ea8b46b5c6c26d98903ef80f0
SHA51298735f8e306d8bbb18d038318d0d242ee67ee4491647edd6b5fa34700de9cfaa510ae2b8b25af1f873a5b452c69b541c43494f425c51a679549b375805115b0a
-
Filesize
5KB
MD5a7e4273f759a964df7b833f42ca5116b
SHA1bf4acdf990b42aad8f3ab827f78c2782232ef37d
SHA2566d5a869310a3d089258cf606c99bbd6a60010da59762088b88f5b4621712a1b1
SHA5123999489eff12d983b9236da2589c6434b978b8cb773ac8d9c371df64970965fec9064405a58aa6ca7e4f63e1eb544c1175aa19648ea3fd9b0dd5d76e9d890ff8
-
Filesize
24KB
MD55a478f1e08816969e8214f982850b754
SHA11cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c
SHA256665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489
SHA5127e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD55e7e4476af195b6867041e31e442606e
SHA1734e5bdfa42e2284780d652bc3340f48c0375fa5
SHA256d18b439ee14b4c34f61415182872172c2402ec625e3f6d3e91c3ade5c35928a9
SHA5126aaa2e8552cf5da149d508e476b5ef441e460586f8c83d4867cc7220159d19405074f25c954e258cbdf433d81b10a3520eae1ec639669fd3512bafe6778a15c6
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee