Analysis
-
max time kernel
159s -
max time network
170s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
15/10/2023, 19:42
General
-
Target
aa28bf9d724debc10b4f890e2783f980_exe32.exe
-
Size
3.0MB
-
MD5
aa28bf9d724debc10b4f890e2783f980
-
SHA1
caff781aa13b705605901e9418c32b4014259796
-
SHA256
cdd0996a5ddb7367c46c4b1f3ddb34e214a454abcfaa9a8ca562d53eb1aa5aab
-
SHA512
fd2be977cf1d916d3399950dd0f116f0995778a5aa6c661dfbcf60a374d96fd8be0ead6d8b5df4c9edb22391c568490726f4095905b0f8ccd9e1e8bdaf6bd3b0
-
SSDEEP
49152://jeL0/GUl+vsAed2klWflB4RQB5iQLFkGre/y9ZrZTDEVFXu8sypyUCX:DqoKUhRKeUiQSGre+n/sLyh
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\aa28bf9d724debc10b4f890e2783f980_exe32.exe"C:\Users\Admin\AppData\Local\Temp\aa28bf9d724debc10b4f890e2783f980_exe32.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer http://www.mlplay.com/download.html2⤵
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.mlplay.com/download.html2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff2e8546f8,0x7fff2e854708,0x7fff2e8547183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12728404302054238221,8534484843847088104,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:13⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD53d8f4eadb68a3e3d1bf2fa3006af5510
SHA1d5d8239ec8a3bf5dadf52360350251d90d9e0142
SHA25685a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c
SHA512554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554
-
Filesize
120B
MD55a9edb199e7d7c905845cec2cdbf5296
SHA14e81ab4886f8ccb9f5dc5e9d52ebc1da5869ca0f
SHA2569e7a7962d725c24d9724592c4670e53a6788a95d22fd47c2d7f1d091533989ed
SHA5128ed0cdc0262c8a02b3869934e3fe0102489f60a19f291d19b570ff54223c2ef92db8a2b41cf3b1b9827df223c6f6f85105d8fe9f62a6b75f8c8b37e662d0914e
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
961B
MD5cba1e91a3d72fd132d3effdc36649743
SHA12afa115fb02c808b24c2125939cdfbbd255af153
SHA256642e34355e85a90518b5cbba883b762bec6ca9e19a6b2f055d159d7ecb93e3bb
SHA5127f471fffbe1af9d7172fd68e2a36598b53f4e8703a37b08699d9a6ccbf7525c53625fe9fd13f79e9594becdec39a25936f4ad821902ddbe78326d27b542182a7
-
Filesize
5KB
MD5ebb513684d8cfdf8b68919a0d6bc574b
SHA1f2b907ef1920ed4b6c657901dd756ccb45b639fc
SHA256876c021b2ea24d37b1c10e70420e3096f56f8af962c452748667acd400d864eb
SHA51202f5c9e1444f8611472a8908f450d090e4bbd054fe155de34e3d51f6a989fc8169c72042f406b00302effbcbc341c6bfa8912a4f5d4716987b01bcf85b446e48
-
Filesize
6KB
MD5bd1e276380b99d9066aba61b94021101
SHA14d7bc8f3f0bca05422f1d10cc45056756cec3ef2
SHA2563416f89c2042cae4260f7c87e436e33b96b7423660d764fd72e11620269a318d
SHA512b12b638a01a71cdf97a576aa714af93aa30cc61b062f491715600f3ed4030b38db7286dbae6f8408bf6b635c157dc99554f2ed4d3f2279bae7ba575f2f4e2fa6
-
Filesize
24KB
MD5d985875547ce8936a14b00d1e571365f
SHA1040d8e5bd318357941fca03b49f66a1470824cb3
SHA2568455a012296a7f4b10ade39e1300cda1b04fd0fc1832ffc043e66f48c6aecfbf
SHA512ca31d3d6c44d52a1f817731da2e7ac98402cd19eeb4b48906950a2f22f961c8b1f665c3eaa62bf73cd44eb94ea377f7e2ceff9ef682a543771344dab9dbf5a38
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5a8b2666e0051f4dc386d2087d578c2fe
SHA10199f2be4ce5014726a9da0e1ac6839c5c5378f5
SHA2561db2f833627026e849e775d09900eee4d0859797f4a69223a9d885d1a2fe70b8
SHA51255713424c52c391f2b05ed6de41cc691b6feed4582360f0de4f914a57707f9b354ef9e47fbdd0c2d073f438b3397b4a177d838a78679fb8e5078fc6ae76def92
-
Filesize
10KB
MD543670356358ac6aa1f7f952f20a5c253
SHA14218408e511afb574a4b16e95cef19e89300d2e1
SHA256d896d8e0215c186162b258ac9b644c817e6f9b75c63c517dc9986d665b9da85c
SHA5121a6cf466fc9244290853f3d2547fd462e3dbd08730f0b5d01eddb8249581d0039ce72ef0893d26cfde61cdbc7c9ca0b02d861d85a23f6988bec2869cec4aebca
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
3.0MB
-
Filesize
4KB
-
Filesize
3.0MB
-
Filesize
4KB
-
Filesize
3.0MB