hxxps://bittlies[.]site/Kui76D

Analysis

max time kernel
3s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2023 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bittlies.site/Kui76D

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
392	msedge.exe
392	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 4048	4748	msedge.exe	29
PID 4748 wrote to memory of 4048	4748	msedge.exe	29
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 4428	4748	msedge.exe	84
PID 4748 wrote to memory of 392	4748	msedge.exe	86
PID 4748 wrote to memory of 392	4748	msedge.exe	86
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85
PID 4748 wrote to memory of 5112	4748	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bittlies.site/Kui76D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe99fa46f8,0x7ffe99fa4708,0x7ffe99fa4718
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17540130130594813031,7067574054851793931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17540130130594813031,7067574054851793931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17540130130594813031,7067574054851793931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17540130130594813031,7067574054851793931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17540130130594813031,7067574054851793931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17540130130594813031,7067574054851793931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6e83a14ae32b1dd8db8ac9da0b82d7e

SHA1
b2b5c915791c32f1e42f93000a5a56c4053d7d59

SHA256
2c68586c6a58df8d2f0fa4c4b220702392d9022c5d81ac453725ba10b2ec7e60

SHA512
dc6bd2cfabc10bc38dbd6fc3d8e216242b422d2a1e320a8fd015ab4b0c868780185ffb29131adde1cda134fec78baf4738a8d363b5e3507e6bc984feb1474216

Download Submit