Analysis Overview
Threat Level: Known bad
The submitted URL https://dreamrentalsbyowner.com/ was found to be: Known bad. (The target is a URL detonated in Microsoft Edge, not a file; the verdict is the sandbox's classification of the URL.)
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Every hit above was raised by Edge's own processes (msedge.exe and identity_helper.exe) while the URL was loaded. The process list shows nothing started outside the Edge install directory and C:\Windows\System32, and every file written is an Edge profile or Crashpad file. The process-creation attribute that blocks non-Microsoft-signed binaries is a mitigation Chromium's Windows sandbox broker applies to the child processes it spawns, and that broker writes its interception data into those children with WriteProcessMemory, so these two signatures are the expected baseline for any Edge launch rather than evidence of a payload. When reusing this report, take the URL and the contact with 185.160.67.68:443 as the indicators, not the signature names.
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2023-08-24 20:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-08-24 20:05
Reported: 2023-08-24 20:07
Platform: win10v2004-20230703-en
Max time kernel: 99s
Max time network: 105s
Command Line: (empty)
Signatures
Suspicious behavior: EnumeratesProcesses
(Description, Indicator and Target were N/A for every hit; the table is collapsed to hit counts per process image.)
| Process | Hits |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 4 |
| C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | 2 |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
(Description, Indicator and Target were N/A for every hit; the table is collapsed to hit counts per process image.)
| Process | Hits |
| C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 6 |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dreamrentalsbyowner.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb06b146f8,0x7ffb06b14708,0x7ffb06b14718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,4229980119886431034,7237601543091529759,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2728 /prefetch:8
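The process list above is the part of a browser detonation worth checking by hand: every image should live under the Edge install directory or System32, each Chromium child announces its job in --type/--utility-sub-type, and --service-sandbox-type=none marks helpers that run without Chromium's sandbox. The following triage script is an added example written for this page, not code from the sandbox vendor or from Microsoft; its process table is constructed from the Processes section above with the command lines trimmed to the flags it inspects, and the allowlist of trusted directories is an assumption for this report's platform.

```python
"""Triage the process list of a browser detonation: confirm every image lives
under the expected install directories, recover each Chromium child's role
from its command-line flags, and list the helpers that ran unsandboxed."""
import ntpath
import re
from collections import Counter

# Assumed trusted locations for this report's platform (Edge 92 on win10v2004).
EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
SYSTEM32 = r"C:\Windows\System32"
ALLOWED_PREFIXES = (EDGE_DIR.lower(), SYSTEM32.lower())
MSEDGE = EDGE_DIR + r"\msedge.exe"
IDHELP = EDGE_DIR + r"\92.0.902.67\identity_helper.exe"
COMPPKG = SYSTEM32 + r"\CompPkgSrv.exe"

# Constructed from the Processes section of this report; command lines are
# trimmed to the flags this script inspects.
PROCESSES = [
    (MSEDGE, f'"{MSEDGE}" --single-argument https://dreamrentalsbyowner.com/'),
    (MSEDGE, f'"{MSEDGE}" --type=crashpad-handler "--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Microsoft\\Edge\\User Data" /prefetch:7'),
    (MSEDGE, f'"{MSEDGE}" --type=gpu-process --mojo-platform-channel-handle=2176 /prefetch:2'),
    (MSEDGE, f'"{MSEDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    (MSEDGE, f'"{MSEDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8'),
    (MSEDGE, f'"{MSEDGE}" --type=renderer --disable-client-side-phishing-detection --renderer-client-id=5 --no-v8-untrusted-code-mitigations /prefetch:1'),
    (MSEDGE, f'"{MSEDGE}" --type=renderer --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1'),
    (COMPPKG, f"{COMPPKG} -Embedding"),
    (IDHELP, f'"{IDHELP}" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (MSEDGE, f'"{MSEDGE}" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --service-sandbox-type=collections /prefetch:8'),
]

TOKEN_RE = re.compile(r'"[^"]*"|\S+')  # a quoted token (may contain spaces) or a bare one


def parse_cmdline(cmdline):
    """Return (image, {flag: value-or-True}, positional args) for a Windows command line."""
    tokens = [t.strip('"') for t in TOKEN_RE.findall(cmdline)]
    flags, positional = {}, []
    for arg in tokens[1:]:
        if arg.startswith("--"):
            key, sep, value = arg[2:].partition("=")
            flags[key] = value if sep else True
        else:
            positional.append(arg)
    return tokens[0], flags, positional


def role(flags, positional):
    """Chromium encodes a child's job in --type (plus --utility-sub-type); no --type is the browser.
    '-Embedding' is the flag DCOM passes when it activates a local COM server."""
    kind = flags.get("type")
    if kind is None:
        return "com-server" if "-Embedding" in positional else "browser"
    if kind == "utility":
        return "utility:" + flags.get("utility-sub-type", "?")
    return kind


def triage(processes):
    """Flag images outside the allowlist or whose command line names a different binary,
    count roles, and collect helpers started with --service-sandbox-type=none."""
    outside, unsandboxed, roles, urls = [], set(), Counter(), []
    for image, cmdline in processes:
        cmd_image, flags, positional = parse_cmdline(cmdline)
        if not image.lower().startswith(ALLOWED_PREFIXES):
            outside.append(image)
        elif cmd_image.lower() != image.lower():
            outside.append(f"{image} (command line names {cmd_image})")
        r = role(flags, positional)
        roles[r] += 1
        if flags.get("service-sandbox-type") == "none":
            unsandboxed.add((ntpath.basename(image), r))
        if flags.get("single-argument") is True and positional:
            urls.append(positional[0])
    return {"outside_allowlist": outside, "unsandboxed_helpers": sorted(unsandboxed),
            "roles": roles, "launch_urls": urls}


if __name__ == "__main__":
    for key, value in triage(PROCESSES).items():
        print(f"{key}: {value}")
```

On this report the allowlist check comes back empty, the only launch URL is the submitted one, and the two unsandboxed helpers are the network service and the WinRT app-id helper, both standard Edge components. A dropped binary under %TEMP% or a renderer whose command line names a different image would appear in outside_allowlist, which is the list to read first on a report with a real payload.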
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dreamrentalsbyowner.com | udp |
| US | 185.160.67.68:443 | dreamrentalsbyowner.com | tcp |
| US | 185.160.67.68:443 | dreamrentalsbyowner.com | tcp |
| US | 8.8.8.8:53 | 68.67.160.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 185.160.67.68:443 | dreamrentalsbyowner.com | tcp |
| US | 185.160.67.68:443 | dreamrentalsbyowner.com | tcp |
| US | 8.8.8.8:53 | 254.136.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.13.109.52.in-addr.arpa | udp |
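Most rows in the Network table are reverse lookups (in-addr.arpa names) rather than connections, and the address each one asks about is the name's first four labels reversed. Decoding them and cross-referencing with the connection rows shows which hosts the browser actually reached and which it only looked up. The script below is an added example for this page, not part of the sandbox's output; its input is constructed from the Network table above with the Country column dropped, and the rule that any row to port 53/udp is a DNS query is an assumption about how this table was logged.

```python
"""Cross-reference the Network table of a sandbox report: decode in-addr.arpa
PTR queries back to the IPv4 addresses they ask about, separate DNS traffic
from real connections, and list what was looked up but never contacted."""
import ipaddress
import re
from collections import defaultdict

# Constructed from the Network table of this report (Country column dropped).
NETWORK_ROWS = [
    ("8.8.8.8:53", "2.136.104.51.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "163.252.72.23.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "8.8.8.8.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "dreamrentalsbyowner.com", "udp"),
    ("185.160.67.68:443", "dreamrentalsbyowner.com", "tcp"),
    ("185.160.67.68:443", "dreamrentalsbyowner.com", "tcp"),
    ("8.8.8.8:53", "68.67.160.185.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "23.159.190.20.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("224.0.0.251:5353", "", "udp"),
    ("185.160.67.68:443", "dreamrentalsbyowner.com", "tcp"),
    ("185.160.67.68:443", "dreamrentalsbyowner.com", "tcp"),
    ("8.8.8.8:53", "254.136.241.8.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "63.13.109.52.in-addr.arpa", "udp"),
]

PTR_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?$", re.IGNORECASE
)


def ptr_to_ipv4(name):
    """'68.67.160.185.in-addr.arpa' -> '185.160.67.68'; None if not a valid IPv4 PTR name."""
    m = PTR_RE.match(name.strip())
    if not m:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(m.groups()))))
    except ipaddress.AddressValueError:  # an octet above 255
        return None


def local_scope(ip):
    """True for addresses that cannot be an Internet endpoint: multicast, private, loopback, link-local."""
    a = ipaddress.IPv4Address(ip)
    return a.is_multicast or a.is_private or a.is_loopback or a.is_link_local


def correlate(rows):
    """Rows to port 53/udp are DNS (assumption for this table); everything else is a connection."""
    forward = defaultdict(set)  # name -> addresses it was seen connecting to
    ptr_ips = set()             # addresses asked about in reverse lookups
    conns = defaultdict(set)    # address -> {(port, proto)}
    for dest, domain, proto in rows:
        host, _, port = dest.rpartition(":")
        port = int(port)
        if port == 53 and proto == "udp":
            ip = ptr_to_ipv4(domain)
            if ip:
                ptr_ips.add(ip)
            elif domain:
                forward.setdefault(domain, set())  # forward lookup, resolution seen later
            continue
        conns[host].add((port, proto))
        if domain:
            forward[domain].add(host)
    key = ipaddress.IPv4Address  # numeric sort instead of string sort
    return {
        "forward_lookups": {n: sorted(a, key=key) for n, a in forward.items()},
        "connections": {ip: sorted(p) for ip, p in conns.items()},
        "local_only": sorted((ip for ip in conns if local_scope(ip)), key=key),
        "ptr_not_connected": sorted(ptr_ips - set(conns), key=key),
        "connected_without_ptr": sorted(set(conns) - ptr_ips, key=key),
    }


if __name__ == "__main__":
    for section, value in correlate(NETWORK_ROWS).items():
        print(f"{section}: {value}")
```

For this report the only Internet connection is 185.160.67.68:443, the resolution of the submitted domain; 224.0.0.251:5353 is the mDNS multicast group and stays local. Seven addresses appear only in reverse lookups (8.8.8.8 among them, which is simply the resolver the sandbox used), so they are not contacts to block on the strength of this trace.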
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b950ebe404eda736e529f1b0a975e8db |
| SHA1 | 4d2c020f1aa70e2bcb666a2dd144d1f3588430b8 |
| SHA256 | bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4 |
| SHA512 | 6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a |
\??\pipe\LOCAL\crashpad_4440_KGKITWBGCLCGMLHJ (Crashpad IPC named pipe; the hashes below are those of empty content, so nothing was captured from it)
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 354956bdf46e016685b5206838682a9c |
| SHA1 | ea48f0f05ba155139250e5d697e4cf927c2ea331 |
| SHA256 | d410771fdbad19820e7b76d7df4e7290714dbbab02f7153468dc0f5ea3b986dd |
| SHA512 | ec463b17c0d30407bad7d07e63f145aa3c07fed827cac146a5d68e62eeef6521e47de0c45fd958afd9bb6a5a834bff3ae158ef8caf488506cd6664de56fd276a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4b7235ee-d9c5-40e7-87c9-4d4985b7721d.tmp
| MD5 | ef539ba344e321d1793d6ec49f29b0db |
| SHA1 | ed9100af300360893cd873694b422e7061875cc6 |
| SHA256 | 81b729c3f124e6d3caa563f376c9201d4b89f934e6af4a5caf1213577d2f560f |
| SHA512 | 62ca3ef735c718ccf66c6b93eac2bb711e618cc7cbc525a62e4128557e4e18ef95c7e7fc09c6e365e057f833127b2ac399c93df663f677b9b1882f45016db0d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f8f1546c6c477f13e3943337ffc17a5b |
| SHA1 | 612bd2d8b160357e4d25b5b479a05768f65c42f4 |
| SHA256 | 7eab285584b606125f47c1cbd6885fc2ce746cb77e50b5c54494fdaf0a04e826 |
| SHA512 | 1bdf253359b302723435a68373a1dd0c2db7f36c340d2c512497fe1ddd402f93bcc534e941e8de4954163473f0396978275113a3b01bfdbe846cb5461eaf7f9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | ca36933e6dea7aa507a272121b34fdbb |
| SHA1 | 3b4741ca0308b345de5ecf6c3565b1dbacb0fb86 |
| SHA256 | fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d |
| SHA512 | 5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6e66674aa842673cad4c710004641fde |
| SHA1 | 104deb8671af20dd330b8c289550d71b31e00fc6 |
| SHA256 | 789d67cb24391ab6189d53c6cfe694ecb827d013e729805ec8ab741b3960ac5b |
| SHA512 | 2e405763628b4a6cb01aabb44eea9c6e3381b079398dd6b5f9eb57f6f8cfec63573e522e513c0b152eefe6d53cf6f3c46ac3f825f2ec12c905393275b6138b2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a071.TMP
| MD5 | 7b21813ea10a977ee7ba130e69461c6e |
| SHA1 | d19529da5d7428b9e5d69f3ab1cc517c70c525d2 |
| SHA256 | c5eb854588f7c1d6c960b1cfb36a645dad833b900f27035543855bbb9de01aca |
| SHA512 | 32efa33e1f838c6d7cdbe7ccde0ae871c6eb0c4ff423a3268d95b93939fad83e47bca3846a86b680d3571eefb7107abf6e8c9df973cfa64d529aeb3c4493d3ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fc20e6787c3bfbe7e59612a1abe4e154 |
| SHA1 | c113e8c474bbfa7314f9900220f7710a0755c62e |
| SHA256 | 7eece9a28b53ce835d4b2e23df4444ad5bd107a780bfaadc72ab5f50e08853bf |
| SHA512 | a4abd37b44f5c70c15d970e001887d7669b8aab3b924c899bfbc16dcdb0b17c0042c250d48b50e86829836d5ce0156d3e4b7ece9c6467b6fbdfc9ca3853b0e55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a2e25bcc5b33ade78cba8ab5ab36fc9f |
| SHA1 | c51495745cdcf919b2a4bcff970f88233bfcda08 |
| SHA256 | b6f8abae86d37accccc3b8422e971d811efa99338dabf52f6abe3ddf0354e436 |
| SHA512 | bf0454ae361588f96d5d342fc83b29e746641ba22a90e0ff813d3e84794133e07bf160ce653172abdd6d207337929b78c4fae40f6c9342170d322ec91c954e2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 89714be198864db1cb1f6b4db0ac4f1c |
| SHA1 | 325b30bdeac5ffbfe9f30c8e2268dd1d90598023 |
| SHA256 | de9a6547b90f718a38fe2ca762f1d652e260a4a45ccb29998a862b34548ce324 |
| SHA512 | 8a08c589921e6707a779cf39621d95e76c1894e33f12f92678cfe6a4d5360bc2e23bd46b0a1bf65716825eea821c664632a214cbd46df0a0ed1819a83db39485 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | eb740bfa39ef588fddf9dbff85638407 |
| SHA1 | 8981c5d1bd79817bdd12ea9a8f4a174bd88648db |
| SHA256 | 1b1d7282ec0133068922c22f2c041533bdbe55e5f2ecdb9fcecafe0d436d70fb |
| SHA512 | b8aad4f309ced3f0f734e3587f88e8ff16dbe06bba8e928bf93eead918532b90e9648e1bfdf8659a95b0649dec9a35d20488f265ed5dc9faddcf9bd8e0913c69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9766a3d4a8b56d2a6f5753af3627ae85 |
| SHA1 | 7d0db07a2ae29d8e3d43bc6720422602a378e14a |
| SHA256 | b82367bfadf0c8596748607da0387defc84b27846674eb4ecf87f15b02ad421d |
| SHA512 | 5f33016b707e085d494bd6fe68e249e9761c7828921319a2b980d692651ea93e785c17ff0a0c4353c4322293d3c5929d829cd0a78c409587f48b5594ecc164e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9396714fc9ce72e7e0843b96eeac3be4 |
| SHA1 | 7e281b3db1e6ea044ca76290b3f68b6289b554b6 |
| SHA256 | bb6feed7a2b273f54e8105498e561fde239e029664ef98591c6ed28214863fd1 |
| SHA512 | 641a7d67a41296d74629b2335166d7b26e91358837fd4454aed8f6e9f9ab9776c2c67ea2f7560a12b26878ae6ac847280b4cfbf291cffc007cad4fbfe1238367 |