Overview

overview

5

Static

static

1

URLScan

urlscan

1

https://app.clientjo...

windows10-2004-x64

1

https://app.clientjo...

android-11-x64

5

Analysis

  • max time kernel
    32s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-10-2023 16:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://app.clientjoy.io/form/b13cc958-2214-4a59-8452-a5a74ffd4d0f

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.clientjoy.io/form/b13cc958-2214-4a59-8452-a5a74ffd4d0f
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4436
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb76ab46f8,0x7ffb76ab4708,0x7ffb76ab4718
      2⤵
        PID:4988
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:4268
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1632
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
          2⤵
            PID:2080
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
            2⤵
              PID:4844
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
              2⤵
                PID:1524
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                2⤵
                  PID:3900
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                  2⤵
                    PID:2844
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 /prefetch:8
                    2⤵
                      PID:3292
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2148
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                      2⤵
                        PID:2480
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                        2⤵
                          PID:2988
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
                          2⤵
                            PID:2108
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16738506286022626984,5816363088213466283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
                            2⤵
                              PID:5044
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:3604
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2064

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                4d25fc6e43a16159ebfd161f28e16ef7

                                SHA1

                                49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

                                SHA256

                                cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

                                SHA512

                                ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                Filesize

                                185KB

                                MD5

                                a9673bd087b4e5e2cd21862f8b7d8054

                                SHA1

                                0854f56b37b3c7c3938ebdd75a79be32c94b281d

                                SHA256

                                d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

                                SHA512

                                3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                456B

                                MD5

                                a1df376950ea93b511de24af1215fe2d

                                SHA1

                                134462ed67474de99b11408403169be066594c4c

                                SHA256

                                17f7b64003e6d81e810a7aa1472f775baf4dc627fcb0413b1835b61660c78939

                                SHA512

                                1c024738cebdd87b47a946a3a1e4634c0c430fe9477f4bd54fb1526cc17aeed83cea3d14d087f9a7a8844c9b0989458da0ae45dd147ddc130ec03e92a1925dec

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                111B

                                MD5

                                285252a2f6327d41eab203dc2f402c67

                                SHA1

                                acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                SHA256

                                5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                SHA512

                                11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                1dfa97e6f0964bca4b6a5e702ecca53e

                                SHA1

                                17f69c80c5244b198740084bf8f5a291c88783b6

                                SHA256

                                15afbc06d38600cad62d0d54675804617db725c90adff2213e8233760b09f214

                                SHA512

                                a131ceba17a3a70272cde7af4f95016f6294af2741471a3b7a8ed502be6fdc20b26822efa7954467b8a1589c55fb79e54ff512a2df08dcc59e3bf9a816781b6f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                bf4b923e3809223711b33c83bc7fc5fb

                                SHA1

                                f53e09b024aa4d2556f7bfa224b9d4b822ef0d3e

                                SHA256

                                9f2f0d31a7c2e5dca444c02dfe5610c1e210bd3863d92b17e62656a3eccc8ec3

                                SHA512

                                0146677307145f25b0cebd00eff0548e4d2801a707d904722b1266e2bd05baec69e3d00c2e43bf06b3e1514b1867674455d3735d2cbeb625c0e39efb4d6a1dad

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                Filesize

                                24KB

                                MD5

                                d555d038867542dfb2fb0575a0d3174e

                                SHA1

                                1a5868d6df0b5de26cf3fc7310b628ce0a3726f0

                                SHA256

                                044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e

                                SHA512

                                d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de1729dc2f11f6df6779c5f917477ace8797267b\9fc94ee5-9973-45ec-8189-194f1c58b7cf\index-dir\the-real-index
                                Filesize

                                72B

                                MD5

                                59c36fdd8fb460744059020f98f84fb4

                                SHA1

                                856c376a0e75c8a3cab13e1d7a157186632f4cf6

                                SHA256

                                1ca879e8bf48a0d1c3a7cd7c6c0602656183f75de370545ecde676e76cdbbf05

                                SHA512

                                1e87dd6605c61baa3c93de2694c2ac6929baf4c758dd444a3b671f3c46577431fc9872df9f7b484a28548a556476d8a452d4b7f082975997760b8d8de611c933

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de1729dc2f11f6df6779c5f917477ace8797267b\9fc94ee5-9973-45ec-8189-194f1c58b7cf\index-dir\the-real-index~RFe58274a.TMP
                                Filesize

                                48B

                                MD5

                                076d08a25969dd7551850900e874e902

                                SHA1

                                8b58e07b3734b1b032e0e934d30c147f5d8541b5

                                SHA256

                                f33e426288a64ff409103244df4d353ef3182c0aaa1b913f1dadecff2b8f23b9

                                SHA512

                                698df6ed833ca9f82bb78feda76699a50787b88bdb3b9bb63c4b1de556cec19dfdcd0d762bedb3f72bb84e4445f3f5830c61f3772e3fdbc8006e02625603fe59

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de1729dc2f11f6df6779c5f917477ace8797267b\index.txt
                                Filesize

                                127B

                                MD5

                                ed4d66c63e0793da778def47f90f88c2

                                SHA1

                                b1908c51e2a934141ac702529a411bb6e85c047c

                                SHA256

                                54c0831b68ce7ad7ed90a121f61e0a7834d7e4b2c15c108e351827336a5f4b54

                                SHA512

                                0b535a8438c282ebe37332a2908a650a0c9cb19fc53d6d366f9b8b78b2aa8a3c181e1f4cc875228134891cc59d59b834829fceac2e56c1aadf5241e7e3d5bd19

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de1729dc2f11f6df6779c5f917477ace8797267b\index.txt
                                Filesize

                                122B

                                MD5

                                e03f912232eb0c0a1fd385d9f00b157c

                                SHA1

                                943901c9b3f8ba6582adc94d3cfd33d3ecde4d88

                                SHA256

                                cf19c3e0bb039d2493749b14b35c1fc1917897a50dc6dec5b1149ebfcfaadb0b

                                SHA512

                                72de947f7fa6d708bbe372d26f077de6bd63fc54db95c53ac865539af1834e144a02e99a9c870574a0784efa77cc72f7fe4c3f9cb0776932e4678b8886ebdd31

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                Filesize

                                192B

                                MD5

                                008baf99cb8d9a26e3513eb9de4be951

                                SHA1

                                27f36b9d4f957c5e2cc5a77e71d84e592cf0a2d4

                                SHA256

                                4412d24d7d5b9a54ef9718a1949e5eb70aa4aa155b827a0f37649df2b7b60650

                                SHA512

                                3e533904d8c1215644a2f3c5b1a83560d8bfd8662d36cad200234e62b941b2b60cff24f5634ec818e546a8ab79ae652afbf6a3009b49367344a9f0dea8cfe4f6

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582556.TMP
                                Filesize

                                48B

                                MD5

                                238ad17c34ca6043068954f84a7e6bb0

                                SHA1

                                0e6af0f4c2d8e4c70d829a1fcacd2549ca684b7b

                                SHA256

                                de173646bc8b44dc34266724608c894c26de7af343aec2d00dca88f816280180

                                SHA512

                                8fee76ea450916bb22e5d92f6df395604fa70174dd0108f0f22b95930e331d43814a1561cb215b592a1f47847317617c7a7ec9e83e231cd75a0e87d1d351fdde

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                2e587e628d91240d99014fd2c4643df7

                                SHA1

                                6b1c317b6815fd6df7f9290275c0b8271a215778

                                SHA256

                                67ed40165435c277cdddd1ff510ad9543e8d0c5e9b2b78f1d30cb084316fa78c

                                SHA512

                                386aaeb238d52c0af9463a479899166c790f937cc5ea2f256b55dfd7ce466cef7d18b08a87bc734e7ac765916a7efb601c7f1d226727bd66460f6b362879202f

                                Download Submit