hxxps://alza-slovak[.]com/

Analysis

max time kernel
255s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2023, 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://alza-slovak.com/

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
980	msedge.exe
980	msedge.exe
5000	msedge.exe
5000	msedge.exe
3560	identity_helper.exe
3560	identity_helper.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe
4556	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4628	5000	msedge.exe	64
PID 5000 wrote to memory of 4628	5000	msedge.exe	64
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 464	5000	msedge.exe	84
PID 5000 wrote to memory of 980	5000	msedge.exe	86
PID 5000 wrote to memory of 980	5000	msedge.exe	86
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85
PID 5000 wrote to memory of 5004	5000	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://alza-slovak.com/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff85f9e46f8,0x7ff85f9e4708,0x7ff85f9e4718
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,8902357637375948600,9853977759699820492,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
16bbb0158fd0c72b7950e72a48e14b39

SHA1
9d4d67fc854a908a201a1bc94b874e9096786187

SHA256
efb38e87d3ed526db5f57882fdca00ab02e10a7b47714a37093dfe02dbd3781f

SHA512
73344ce599581c29eff4714e1ea1c2425d87a179d2f370ac81ee0d71d6c1cf4cced04cfde5b6b81e989cfac1d0f0cbe63f9745e1ae5d6c177015791c743305c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8dbe3f0b4599d59ce256723aa6c7895a

SHA1
6d4e83d1c1e360afcf2fe8c687a866671eaf784f

SHA256
1f8245422f3966cff0fef4df74d9fa38a6b64a8aedd305a3c671f1aa9be55c3c

SHA512
e1d58720018cecbdd1516a914eb769a71549435c28b2ce3a2280cbbf0e07e98367e07b4069b17ad6f5a3b156ebaf5a2e58affc1abdaec7e941f4ff2866860523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05819d059b6d49ed8c6e14b515ad97ca

SHA1
f84b31bcc3850a366f1ae99e23af382b31d5e4eb

SHA256
6fbef319e8a6b35b69c33a2eec7b8a10c3c6b03465d4cb6d214f32fc75295c84

SHA512
cab75c73a9d0fb6aeaede726959a59d46863e19b4cc68c88debf0c3c774100c7058f9362108e95002c37eb9bf931b04180de08f56896ce75c01250d2caa8605b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
71a508610a74daa2469c6997527a2829

SHA1
3cdd05db671591bfbb3b8243160a907139165204

SHA256
7da5d21938300eb23478a0e065256fb7a0608eb194e5b89b7570cdf3a45e6725

SHA512
3abed6187863c86ba426037f437dd58fe1a83a0226a40c7330ff2d7abe83dab6579bc5b396b794d231f6b65815a73af4c008ec16b379f5ce80d2667a92d11a35

Download Submit