Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://pinturasdalu....

windows10-2004-x64

1

Analysis

  • max time kernel
    158s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2023, 23:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://pinturasdalu.blogspot.com/2011/08/

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pinturasdalu.blogspot.com/2011/08/
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa408e46f8,0x7ffa408e4708,0x7ffa408e4718
      2⤵
        PID:1296
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
        2⤵
          PID:4352
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3692
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
          2⤵
            PID:2796
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:3600
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
              2⤵
                PID:1796
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                2⤵
                  PID:1180
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
                  2⤵
                    PID:4292
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4716
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                    2⤵
                      PID:4240
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
                      2⤵
                        PID:4128
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
                        2⤵
                          PID:4856
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
                          2⤵
                            PID:2416
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4349912836737280368,18144607726147404706,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5012
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:5080
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2892

                            Network

                                  MITRE ATT&CK Matrix

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    b950ebe404eda736e529f1b0a975e8db

                                    SHA1

                                    4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

                                    SHA256

                                    bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

                                    SHA512

                                    6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9e438e37-5f5a-4f91-9944-d4aa49142d48.tmp
                                    Filesize

                                    5KB

                                    MD5

                                    6c968b7d7dfc42f7a0baae7be530eb87

                                    SHA1

                                    0c1cf29200952d31f1e6af7f21f7e684e1f676d8

                                    SHA256

                                    9a710aa79e601e3ab36946419a20f421f004952f3950d68ea96911c2070467a4

                                    SHA512

                                    a98fca4ed094ac97a09dc2763d17a1432b179b4b97a52a764c22f5200ec8025976916fe7e3efe61097166d34aa4afe2a2000a374f3d4ebe29484b7c840283c0a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
                                    Filesize

                                    21KB

                                    MD5

                                    defe241c5d1dc367f10d09ebb8fbaaaf

                                    SHA1

                                    6b9648c727043a10255355f825b41470f50f03d9

                                    SHA256

                                    505c2f6e0288f12d18d78640a13ea45c083a1a22a2dd268c3ee9b476214c79ec

                                    SHA512

                                    dd7dd571aac79f8afd099f961f0e0f94bffa3ad8f991c0bac8c5715978cb70784defde0172ae2aaa3107580ad1487b8b75565fee36e1468e2ceb2871be713454

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
                                    Filesize

                                    45KB

                                    MD5

                                    5752eafa899d2315bb3dada9a494359c

                                    SHA1

                                    528f9494fa2e5701cdff2cacb369b059cd43a692

                                    SHA256

                                    545fd462507a145ffab50adae35c628724857de556e1815ac5e4e906760a29f9

                                    SHA512

                                    1ffc07e5dc0f791bc1806048017c856f705f52c3fbfa4e430de0194ba27a28e7e43d8dff2ba91af83f9f22d7c7411461339504bbeabfba3440a5e675f7e38865

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    240B

                                    MD5

                                    6b0dd5f76bace24a10f490efe4a6a49e

                                    SHA1

                                    1aab84617c4508e594d040ac09ff753314f3c043

                                    SHA256

                                    1df3e97d47b8c6574bfc4ee410fd18092264dbbb23f5e5583ef366a74a486051

                                    SHA512

                                    b196f14ad9482cdd2c1af0b062a6da25a97ffb82e7f57dc247edc7709d7504c1d218b5e62570c1345f093f2b9a14e180b05667d16e0c3ccaec7a9f59da6b9b87

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    2KB

                                    MD5

                                    6e7c02015e07e2b2fa08b94c0f47a2bc

                                    SHA1

                                    f55cbc17a1210b6c20910c92c963b206187e4bfe

                                    SHA256

                                    44277d0ec27e4f50422500b561a1871134be2115e987dd6fcced3205e0933853

                                    SHA512

                                    ff1a0cc33f8e2f4f6c191577d2942f5bc441f915ef30c4ed8316fd71d0f2164a5311de0712ca96ced936ed6833b5e1bf43e24bc5861a69d11165b23a23571667

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    111B

                                    MD5

                                    285252a2f6327d41eab203dc2f402c67

                                    SHA1

                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                    SHA256

                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                    SHA512

                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    f8be28bf8ac2750cfffc59be96d19991

                                    SHA1

                                    5ba0976408621cbe80949a91cebca72d14fe6aa3

                                    SHA256

                                    058d4c15658825d4e6fe3a89ee6220fbb54f3815d24f6ef7d6e99891742e6616

                                    SHA512

                                    13afc1f5440fe14f064585f7f21beac108a8090166b876ab689a8236ddd8fd94b758e79206f02eca07ad05f12ed5bc7fa33a96ff9d5e2b2cff0c942033ecbd16

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                    Filesize

                                    24KB

                                    MD5

                                    ca36933e6dea7aa507a272121b34fdbb

                                    SHA1

                                    3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

                                    SHA256

                                    fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

                                    SHA512

                                    5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    12KB

                                    MD5

                                    3ced16b754867fbf997935d9da27889c

                                    SHA1

                                    761d87e56d08448130447d82a898dc0b1748e48e

                                    SHA256

                                    201cc4382465d6108d424d501a7ba3fab886947c47b4b58abc0bc885ac1ad999

                                    SHA512

                                    c93871330c2e3b14633ad8fe95d436d3f54d30ab1e27c7d7af75d0490a08f35ac3750c7b66213a393de18ee343a957f294f11f5c6e2b29d4e185cf99a481e898

                                    Download Submit