hxxp://gmial[.]com

Analysis

max time kernel
57s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2023, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gmial.com

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4168	msedge.exe
4168	msedge.exe
1988	msedge.exe
1988	msedge.exe
3244	identity_helper.exe
3244	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 1400	1988	msedge.exe	80
PID 1988 wrote to memory of 1400	1988	msedge.exe	80
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 3192	1988	msedge.exe	83
PID 1988 wrote to memory of 4168	1988	msedge.exe	82
PID 1988 wrote to memory of 4168	1988	msedge.exe	82
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84
PID 1988 wrote to memory of 3372	1988	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gmial.com
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8158e46f8,0x7ff8158e4708,0x7ff8158e4718
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,9714578552841116289,15211192751606871847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
181KB

MD5
4c75aa07dd23352ee1225b5a64cc6b59

SHA1
387c73c282f9b15d8f62b2c9d830945772c88c7a

SHA256
edeab1e3b20750bb1c0d394b111109c0c7ab74d34117d16ee1487cc1cb8c23fc

SHA512
a0e185b33114a19e6ace4b7f6af1983c45b124ecf4ce82f92ff832ad9a57ae895798ccd4473a46b9fd530831482b3ec3dc729b10c2c85095a54a6834c563d86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
b20506050635218f745de32a1186174f

SHA1
2fe77fe01c90e93845d9d05c4c85768d8cee6d8f

SHA256
7bb33a42fdf2aa04e85f34eec38383701916c7288eb03e5b7e0c978b94702b65

SHA512
4b979506f4bfe2a2abdb33c99c70d36c0d18af748238f1e0aa4434bf612ff0e2a5a0f4aaaf6f997b028f69150dbe1eaa916230d9a77d5da651c59d7c3a026b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4cf86de97604abb47dd38a5a6042ab8

SHA1
ab22137028f397b293cb4e029d14de0bb06d041b

SHA256
4f734cc6381385e5916ca66568ec4c7e4cd7f5e7dce8afb59eb0a38337902ad9

SHA512
4fe36202a6a6c878ef2be8186f11f201082f915a8884e127bf71838f71ceb617a20f2431c6cffc7ac460ceaf723ce1e2f724a414d0feeb8db994ac370083f0bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42257671a0a45e14107706b8008fb707

SHA1
281fb032e37cce1b9d4dd2769aea694529658da8

SHA256
c093f32931f9be4a829b52684d03bee20bbfb25ce176ce305186c37a54ae0e6a

SHA512
698dff18037b55cec4bf2ceb355e6329b748be5ea08bad160d42ca5032a01843295d8b73d987661b7e60301a7f0437ae7b85c53a34abaa0ebfb803c8707838f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e4c3b11ccbf4b25efaad78f16564e2dd

SHA1
656f7758b91399299343fc8177e783f59e01253e

SHA256
27bb164001f126ce195a49d06a017ae3a9ae56631ed8bac59ec4c9a5bcb9d52a

SHA512
c4483b7da7c1bb342bd4809ccdd7bd9899d15b37d083f538ec5ff475d5af47fe1480a9453dfe7cf617ae6d7e10c12e6d90691cf939231603d55ffcadd0404d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
59f8c8aa499730c6a30c7d547ae21382

SHA1
ff0f7be95b83496c77867340fd1628fd81b5b903

SHA256
909b3747e86b237d47c32a532c44132fbac836d3882badb755d169c682ed673d

SHA512
3dc5d953c8dbec887ac5d1e4f6f1fa87e5221afb67112e67bd8b86b8beb67e0dccad5cab25a2a5e110457145b380d6736a61cf88d535a8d3ffdb2f20e02a2475

Download Submit