Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
23/08/2023, 08:16
General
-
Target
http://publuu.com/flip-book/85565/513563
Malware Config
Signatures
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://publuu.com/flip-book/85565/5135631⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff923f646f8,0x7ff923f64708,0x7ff923f647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3452 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5640 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,1468027966704218545,8707077419564949753,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5652 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x514 0x5181⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5fc99b0086d7714fd471ed4acc862ccc0
SHA139a3c43c97f778d67413a023d66e8e930d0e2314
SHA25645ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96
SHA512c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8
-
Filesize
456B
MD54180dbff6cd573eee153d77723d8ad17
SHA11c372ffb5f46b4ec48e5a197c7df7c2adf3cd396
SHA2563574e189c7ad13cf541bd6e75bfa6134f23fa19cd36a49700a51c4affdebd390
SHA512772a0bf286b03a7c004c74078d2d03ce794f81a850fb1624358a7d27a81c1d034dd5e93a384e85ec2391fbe9a4d6819a917476ac35d1d2acd4f29afa3b25456a
-
Filesize
1KB
MD5ca70a6855b70d7d0ce191ea5c3241658
SHA14a8d54951ba3929ba271d8292cfd8ca81aaeed17
SHA25690276590026c43a6ffcb3f3578980608cf0924d6184055b4d256187c3af6122c
SHA51268f2b3dad043f9b17a63efd9216524010a56ed5b4c5cd3352fe24709779ad3bd36ee26b6767f0f75d5531c2015ba502fe79ebbad95d762c3a3f573de89fb5b26
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
1KB
MD54b5cfeca2f6dc3cb82b87289c34611f8
SHA1b67be37382c37a558f5ae7f19241f0e14b38059b
SHA2564164e3e7b6c57f7c7a9186d32948b5fe135bad701eac8fe6a889e03b43a1cbd8
SHA512bc22fc42449936069cc959b531e0fa93070fa946270d2518dfbb2f259959158d052ff26e5a784e7f623cf798af05405520b0c28474c7e01e550cf9db60df46fc
-
Filesize
5KB
MD5f73166013a3d9cde31df021db9b369dc
SHA1e255dfdd3f174918e61649291e673c496dab9ffd
SHA2560a7a61e8cf8c9f8b2f6581d30adb090024212ca436db8345b1d126dd12c7e178
SHA512dd459235fd06d0d5a83ac7b4b77de024cbb60dcfdd011970be91356d09876e2329480d341a63aab1ae83fcde5abf68c88b4608cb04c1c9276cae29fff09e2d26
-
Filesize
5KB
MD50965cff7e4e0cea8da8509b6af454f41
SHA1073de6f5381db54faed8644b3a413cd48537d53b
SHA2562ad57c95fb56737889f36fc92b7854c67fcf894218b3e047f30584b89f8bce38
SHA512253d4fb8bcf8f21a44f45232b00f582ec37f27414b63a6a421e8985757773508a6130fb8a2f87ef6a54ca1c0da8f2195049b58f667d3dc1a8451fa58284da662
-
Filesize
6KB
MD52e1e4f0ca4a17eb1f14a64a3d64dd89e
SHA1314bfe5f62835d5c16523018bdc85d16662f081b
SHA25693df1def19975d311c6c61902a3c91095fbfd423f4eb625fcb911568f7ed7ce5
SHA512cdd61f6c6334d49ca8e562ff026c9284de54e26d5f5a5aceccf2969c9ec062ee8fe6b956b202c88435ffed34cadbf8ae22fc186450f8350934b58cd8ef0abb7d
-
Filesize
5KB
MD5cc89d2683377452d072751b02942be18
SHA124395575b6da2ad48c1a42c6f2c239851f4845f6
SHA256a7f1ed7b8c968b730b4eaa7633c3cdd450721de9a314eda41ac7f0647d7299d1
SHA5122a3f48610f5f1b055e9cf0f1f975690032c2832290279ce3e1b65e67e45520072c3e5fb9c7be79deff3efd610b21722de118df0e40994966683a36a499c1bbca
-
Filesize
24KB
MD596f00bbd6a174879c58220f95f0115f5
SHA1d3d7f82b0bf27daf1b3903bfe050c2d05422050f
SHA256644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107
SHA512e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea
-
Filesize
873B
MD5a0c9ce1dd6b5aeedb0cdf9ffdd0888cf
SHA1fe52ff035c97bed874698c601d382e7d17517907
SHA25608f823af0196acf3f6f058c815e321196372240901877a65f2ee19f15276377d
SHA512c9384908f2e4c011b7f79f7e145aabf774058b48daedc6d9092ef697b9c94be613a79f147c2c6879b2b0eb46ba2b9c3109d7a740a30787ce6d5bc18251a8960b
-
Filesize
203B
MD56c4050b0f6f2f36d67dda555c41db791
SHA1f28c83412c6152664cfc16e67b39fe9df981f69a
SHA2562c367a5d074b368d5e81a594b6ab5e7d8772bc929d5c7d632d81e61950d07d3a
SHA512c6a793e3c32aff3e7170c54e3a21c636909da41f0d995ddc6c48fbcf7b1204c01bd514527b9f91340abeb92a6e68785fcab3134d374e7d24f5d3aca4fd75b9d0
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD528abd0a88e01eb7007bdcd4f7f8310c9
SHA1886204d84715080fffcc7ad06edfe8aea369b2af
SHA2561fcb3184631705f7a5bed34a9d04e35b161e8239b8e1f2044e717eb43a7554ca
SHA5129f967d29b8d28798c0faabd92dd0fc7d99b72fa65cd8fa1939cae2a788502b53307ca2d0c3311281369ad79fb644446671574f308206400332e18aad30e7cfaf