Overview

overview

3

Static

static

3

da293954e6...e0.exe

windows7-x64

3

da293954e6...e0.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-10-2023 21:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da293954e6213c87dcb11407294daabd9e64d71183f630a287fd82f55c9602e0.exe

  • Size

    3.9MB

  • MD5

    fbb43b140170881eef3f369254b591fe

  • SHA1

    f50033201d2fc050b224f088e1e78c624e1a977e

  • SHA256

    da293954e6213c87dcb11407294daabd9e64d71183f630a287fd82f55c9602e0

  • SHA512

    c3c24f4a496939be4bb1f1be02ac570c476c4d211bd4eb171c8b84f3b565afe858d37b57b144cfc65e4a43ebf3afb830ba0f8803f348605e578792f57e284d6c

  • SSDEEP

    98304:rJyq4yevxZUbR2zEysXbMU7Vujy35IveSJ9wbp:rJ6yep8vTu0SA

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da293954e6213c87dcb11407294daabd9e64d71183f630a287fd82f55c9602e0.exe
    "C:\Users\Admin\AppData\Local\Temp\da293954e6213c87dcb11407294daabd9e64d71183f630a287fd82f55c9602e0.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ojbk.lanzout.com/b09fa832d
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4744
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e05746f8,0x7ff8e0574708,0x7ff8e0574718
        3⤵
          PID:3960
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
          3⤵
            PID:2420
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2412
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
            3⤵
              PID:808
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              3⤵
                PID:5020
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
                3⤵
                  PID:4720
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
                  3⤵
                    PID:3096
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1096
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
                    3⤵
                      PID:1836
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
                      3⤵
                        PID:4352
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
                        3⤵
                          PID:2588
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
                          3⤵
                            PID:2640
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,120797320657428306,4761884037860567435,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3880
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:636
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3336

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            f95638730ec51abd55794c140ca826c9

                            SHA1

                            77c415e2599fbdfe16530c2ab533fd6b193e82ef

                            SHA256

                            106137874d86d602d1f4af7dac605f3470ec7a5d69b644b99d502bb38925bbd3

                            SHA512

                            0eb01b446d876886066783242381d214a01e2d282729a69b890ae2b6d74d0e1325a6bd4671738ebe3b6ecadc22ceb00f42348bad18d2352896ed3344cc29f78a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            120B

                            MD5

                            e3f12cdcfe264f931a355b8baf8e9043

                            SHA1

                            f899fe5700191abe5d09c3f39c42a06e76034c94

                            SHA256

                            0e8aafb50860041c155911be91e124d85722f9a9f67be82ed21e0872b7af799b

                            SHA512

                            3c1dd1f578404d2c6a4fdaa2e5cb067e0ac52c72f68d15aa09775802b32635b0cdee37698abab4fe2a530b61221e194083694e2c986681d20586f248ac350c60

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            111B

                            MD5

                            807419ca9a4734feaf8d8563a003b048

                            SHA1

                            a723c7d60a65886ffa068711f1e900ccc85922a6

                            SHA256

                            aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                            SHA512

                            f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            f479920467bf338c678c48a9d1393b9a

                            SHA1

                            07ab448a55e65eb3046f75407dca9abf37fdca44

                            SHA256

                            80ee6a5ae372f4a02aa00394bf9bec1f3af40ca9dc9c78c7aefdc395bac19dda

                            SHA512

                            85e13a264eeef1e1453e7bf84cf32374250278234c57991c0b3c2dd369b3ba3f3232678a75ffbaa50c21f11302c5f3d812084582bf73aa000c2590690522c43f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            be49c5a39b5cc8602f6d43255f907245

                            SHA1

                            3de87601b41411472d10d6775a4a5512c01ec063

                            SHA256

                            d629ffae7d7858f637e39d860d388826a8aa27cd43e909e7c36fd36a51a9e2c0

                            SHA512

                            0c38387b4f4f525c2202bec18d7ccba7c5cd639cb1247a019d6f934c4b70fbcd6ec7d90dd9815b6172b927ada1f31c9fdd2f5dd50162206ccae22e61abd58961

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                            Filesize

                            24KB

                            MD5

                            4a078fb8a7c67594a6c2aa724e2ac684

                            SHA1

                            92bc5b49985c8588c60f6f85c50a516fae0332f4

                            SHA256

                            c225fb924400745c1cd7b56fffaee71dce06613c91fbbb9aa247401ccb49e1ee

                            SHA512

                            188270df5243186d00ca8cc457f8ab7f7b2cd6368d987c3673f9c8944a4be6687b30daf8715429bd1b335391118d0ce840e3cb919ff4138c6273b286fb57b2b6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            1d0360d15ad8b7205fbdf72ae9d44f5d

                            SHA1

                            6f591db65c53617b5cbe6ccb3fcc402e1fc04eca

                            SHA256

                            39b45c0df2d0761592a59fe0b7b4d8be2f0c8e0f1ac0d3938c523516300babeb

                            SHA512

                            765a3cecfa1840c34dc85e06e065660651c9d0af13989962c04fe5c59ed65c8c0d4b91e559f31ee81c32400dec8f71ed28b3be32b90fd536c9a20e73d5636980

                            Download Submit

                          • memory/2108-4-0x0000000010000000-0x0000000010116000-memory.dmp

                            Filesize

                            1.1MB

                            Download

                          • memory/2108-24-0x00000000060F0000-0x0000000006149000-memory.dmp

                            Filesize

                            356KB

                            Download

                          • memory/2108-23-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/2108-19-0x0000000000FD0000-0x0000000000FD1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/2108-15-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/2108-8-0x00000000060F0000-0x0000000006149000-memory.dmp

                            Filesize

                            356KB

                            Download

                          • memory/2108-0-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/2108-3-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/2108-2-0x0000000000400000-0x0000000000E2A000-memory.dmp

                            Filesize

                            10.2MB

                            Download

                          • memory/2108-1-0x0000000000FD0000-0x0000000000FD1000-memory.dmp

                            Filesize

                            4KB

                            Download