Resubmissions
25-08-2023 14:05
230825-reav2seb7x 1025-08-2023 14:00
230825-ra8araeb4z 1025-08-2023 13:55
230825-q75qfsea9s 10Analysis
-
max time kernel
252s -
max time network
260s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
25-08-2023 14:05
General
-
Target
https://pub-5e34bcda437b499399d6abc116886480.r2.dev/indexR.html
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pub-5e34bcda437b499399d6abc116886480.r2.dev/indexR.html1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf28546f8,0x7ffaf2854708,0x7ffaf28547182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6100 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,5485189407144111045,16529621990156225997,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1048 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x338 0x3f41⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD53423d7e71b832850019e032730997f69
SHA1bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA25653770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA51203d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
144B
MD5e3982ce12953a36ec0c9c674e403727b
SHA12adca8b7056a490ac43d95416c34ec64b3b283db
SHA256c776594c12d811bc75c2fb4f684df902250831694d6480c84043704ed3ea114f
SHA512bf15c86059dcb07233c9c71a0c27bb4ce05d91c59d198da89b20e43ae7db29eb1b1351037d3cdcb01b33f06d94ab1773d1c7a27f3f9c1873b2a50e33a5a417c3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
493B
MD50d6d11fc476cb96de09663db219d2448
SHA19fbdd0937ecf53e1e48aa42dcef83490cda20a5c
SHA2565af19f7b9df88875c88734b5e0b65e263448e1884ef73e4a055f74cc5ae21d97
SHA512560508499e8cdda7fe7ec0af70c07674710b4c85f568da575a9b129afb883a1f6ba459be8b5ba19e1798a8533036de22dea04768a48cdd9c739a6bbb08b018e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD59d580f3cec574dca09326f2c99376225
SHA1b8c55cea848cd65d6f0a3559bf5b854ba13a35c3
SHA256863548b5fa106b8bd2a55c969afc3948b1b098a07d3e4f1b9f786b8f0bebe192
SHA51260cb9c05ee507aa1057d46ab2d387ad3f3e7ec4145c42ca49cb8c3956f3041b1d2a9eb39964849f6eeb101f0a8312f39a5b36fceb14b1a32d5b35f62f924aecf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d9af4bdf0761a327f3089412df0c248f
SHA156edc60413681dc5d6587c67802e844130075af1
SHA2564a00ba931c6e26444f0a8d6ce1c7b33e25906942c5dae97271d5101df483e39f
SHA512320c0a39085ee122cf74620c96728af6a962c15ef8a185d9959c2a061cc61bf067449ca042d9930193601a64a05a03c1eea564abcca3fda21b849c73b3440df9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5ed14946df1fc567cab6f1bf8d23efeec
SHA1fb878203faacf2f73c6e005c227d25d8772f5b1f
SHA25659647d3eea265e79b2d2caf225028033ac525503123b64d239425260adafede7
SHA51208f2f64389af958ed7970c0f53b25dc00fb502729f2ca28b4176dc7957bb40523af7fd6e6892f79b311612677e5c0775e48d052bc6c26acc0532a36ae35ecdec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD537083c2c318d0e9c7321eb05e00a8179
SHA1d1cdcd3594e1df824775bb411eda21ad4cad24f8
SHA256d6e1a324cc287ba884c8e386201f3f35c75143d396d133aa9f40a844e94cd099
SHA5123da2cf081c9a059945f4db3cd2e72adc4516994f155794499b4dfaacab3db293ea0aebb7ab976803dab1dd0945339de284e299625c82106e7e70658c3b09b8cb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5daa8574cd244c7eab224f7029f6913c2
SHA110e33165cb94ae759d9573294983c089d1f5e4a6
SHA2560125d040d82194686eedebe464e3c0a5b2ae2f00448ee155c13ca71d153b98ce
SHA5120c35f1255b868b36c83af1e78af4b8bfbde6e58a252ac7f169ddffb22ff448c3a59b9911f58f62a2bfd5c8f55b698056af4c478a392e0d5f2e9ad19896fb185a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5fb4e8dddde302aa488913255f1c2ca0d
SHA1d91790297385fc1782616485f8241e87400204ec
SHA256a1ca5dc74130e89bf43390df8679d12a8adc637941921c744737901bfbdba666
SHA512de30ee96016c37aa593d2f0ceacf727efff56f32e8ab05312e37434bf3fda6a5fd00d1647c4eadc1bb75d386ebb4a637d22f8060463da3fe317908d251b1b34e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD50e78f9a3ece93ae9434c64ea2bff51dc
SHA1a0e4c75fe32417fe2df705987df5817326e1b3b9
SHA2565c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68
SHA5129d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD57cea5fe784b40521995f456e0bb602ce
SHA12e8624dabf66eb381f29405a81b9bdaaf2c944c6
SHA256a620a4c046564f49f1806c070f2390b186b9b1800accc3ac5b2a4c8c210fdf03
SHA512519c19f9bf1c3fe7b3cdd460671c3aae695d494873bc4d7ab2399372fc9d56f81d7e71000d92700e4cd81110b5b1bdf1a6b70632fe2766961764b3d0a0de6b59
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
\??\pipe\LOCAL\crashpad_2080_IWOMDRBEUUFFOUIUMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e