Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://aloviec.com

windows7-x64

1

http://aloviec.com

windows10-2004-x64

1

Analysis

  • max time kernel
    104s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2024, 05:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://aloviec.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://aloviec.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb5d0846f8,0x7ffb5d084708,0x7ffb5d084718
      2⤵
        PID:2920
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2444
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
        2⤵
          PID:3640
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
          2⤵
            PID:5036
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:1916
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:4052
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
                2⤵
                  PID:1352
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
                  2⤵
                    PID:3776
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
                    2⤵
                      PID:4064
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                      2⤵
                        PID:1972
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
                        2⤵
                          PID:5212
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
                          2⤵
                            PID:5284
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7072 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:5488
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7072 /prefetch:8
                            2⤵
                              PID:5472
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
                              2⤵
                                PID:5612
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
                                2⤵
                                  PID:5604
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                                  2⤵
                                    PID:5788
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11727020636831438993,7889390097185069333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
                                    2⤵
                                      PID:5780
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4924
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:1496

                                      Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              1386433ecc349475d39fb1e4f9e149a0

                                              SHA1

                                              f04f71ac77cb30f1d04fd16d42852322a8b2680f

                                              SHA256

                                              a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

                                              SHA512

                                              fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
                                              Filesize

                                              19KB

                                              MD5

                                              01f7fdc540f476b45ea234ec58f6dd5f

                                              SHA1

                                              193a70aa26d4d7a79d3e21c6a554cae4500a8e67

                                              SHA256

                                              62b49ab228aaaa650b257fea395b3f824d1208c798cee4cb1cfa1743ee9e931d

                                              SHA512

                                              ab67a441d2ce02113159a08b20dcff3b1db6000ab25233dc5d4171084bd2750dbe1ebcd0b73f0ba66eea05ccac32440cc74abb44031883cccb48ec9271dda8ff

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              864B

                                              MD5

                                              4c300faebe5b027ac2ff003ac699b883

                                              SHA1

                                              98a311a3f8ca9d891d6f97a7a3f614c1e3b1ce7f

                                              SHA256

                                              80b1177474a7402190889097cf943839f9c01fab5567f38cca017310dc51d9b0

                                              SHA512

                                              4f076c57759aded0d6a653cf41248b4111be877adef93806d38c79b7b833e037a04d8129b0772b7ca230b29202825c2ea0027116ca509444a4a4f380a583aa22

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              4KB

                                              MD5

                                              79d08051b74d45c15bb7f72a49057380

                                              SHA1

                                              37d5bf622f4d6ec6a7e1b9baa1bbeeb2564bc0b4

                                              SHA256

                                              9492c6e635971e1962ff21a53c9b7b91fd1ac9cc9f80032233f9363d8e9be75c

                                              SHA512

                                              a9d0ab32c376c122f10001537d6983f01c48ecc60282a813333f950b4ee1c6e7ea484d256b270e165fad86aac11ff7761b9503598af5eff34a1f84d7722b427c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              5b8c3f5bb47d9044ba57c19a8811e041

                                              SHA1

                                              1afeb207d866337d54b682367eda12de4e5dbe11

                                              SHA256

                                              88cc95b6d01a0551d8bc9f95d18ec5a9991f4b8f8490d358d48cbdb6ef879a37

                                              SHA512

                                              6c07e8c6060a5d4b6b01ddb97ed14aa44fb4d1cddfdb77e3049df5752991895071dde5206d7dcbbc202c51493fa55d2e289a379a4a6092241d9ecb62942707f4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              7KB

                                              MD5

                                              3446c69505d6c0dad1fc687581428698

                                              SHA1

                                              fd7eb996bcf5e952fc9f2e9c953f01900a39efe6

                                              SHA256

                                              5f778a70d82e19c9286e5523a8ac3e7c20becba2e8591ce26219dd99c3d93206

                                              SHA512

                                              bb706b8d475ddb81a23c3aff16f6e9965ab78627e9594e965db96cd50ff0876d989674656c67e63cd5921ce879cd5746584542cb3d00e8d7d3b08cbf8b07241d

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              7KB

                                              MD5

                                              80dca2ce8c667453cdac76198b2df239

                                              SHA1

                                              62e79d3054057b27835edd99a5fd70855123e00b

                                              SHA256

                                              ee7e19be1cc879adff256420d6c4d2308f7b7a256a7df7553be7756ba72c5605

                                              SHA512

                                              daa6a93c4357567404b76dbc977a001fe18ad34ff1ba8393a58ec49be20065a1a9b43554aa6b70e1d39a5eb921d4725978b3189bdb8f49e06b3f56a84c632875

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                              Filesize

                                              24KB

                                              MD5

                                              e664066e3aa135f185ed1c194b9fa1f8

                                              SHA1

                                              358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

                                              SHA256

                                              86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

                                              SHA512

                                              58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              6752a1d65b201c13b62ea44016eb221f

                                              SHA1

                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                              SHA256

                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                              SHA512

                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              b525d2602af85648729bc4489aef7cd6

                                              SHA1

                                              ab4d6c353fdf53760805ed4dc9047fe431836569

                                              SHA256

                                              d315dfa9f0346f3910ee50f032c5c87d342485fa84439da0c6ff0f4eec3c4962

                                              SHA512

                                              fa6179fa62061a3fcefdbce6038539ab97e050ac070c6ce1aa4d7c4c1198dedd4423d76fd987d53d2c50bac1f6427eda4f3987ca6840f6ddf6b8b00f21278fd4

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              51a542c8e448741a2c3571fac5f407ae

                                              SHA1

                                              650dd4a465a536f20370266b5183d25c186d70d1

                                              SHA256

                                              9b63de5d5be05ee57cf74c07247b5c8a5d172178a251f083d1f9973a242cf91b

                                              SHA512

                                              4e8912c72a72e34602718c8e3ea5e0faa497fdb709b013582cbe53f88da2ca6184a831cdad95e8c5bae951317f806215b0710c3effd140a357238073d70b2eff

                                              Download Submit