Overview

overview

7

Static

static

7

41651db340...c4.exe

windows7-x64

3

41651db340...c4.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    155s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2024 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    41651db34032111d91ab4b2fee8d38c4.exe

  • Size

    183KB

  • MD5

    41651db34032111d91ab4b2fee8d38c4

  • SHA1

    a9395a9269f2bb8e1ea5160de3622fdff5d752b9

  • SHA256

    2da3965a34f2612b726d6ace2d56e29d955a456464e1aeb4e136f74e5b69bb03

  • SHA512

    0ee2e327385a5e53e36fbeff53c512b8ec49b35dc5a5b7953ffb12f3aa6cc9d1bd001e16d47a5204b0ef2ae85a4df61e130f45c09da6a27ae66664f6675cf911

  • SSDEEP

    3072:QbcQQbs0ge/c3NLBuRutnugxCGLNut/g5xkbN9Q7aisbhcEIYfSwoE:QbeY7eU3NLcu9xCGLNuY5xkb7iYcEnSy

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\41651db34032111d91ab4b2fee8d38c4.exe
    "C:\Users\Admin\AppData\Local\Temp\41651db34032111d91ab4b2fee8d38c4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.flogao.com.br/gatascari0cas
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4816
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb69d846f8,0x7ffb69d84708,0x7ffb69d84718
        3⤵
          PID:4324
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4244
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
          3⤵
            PID:4528
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
            3⤵
              PID:1664
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
              3⤵
                PID:2420
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
                3⤵
                  PID:648
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                  3⤵
                    PID:2952
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                    3⤵
                      PID:2496
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
                      3⤵
                        PID:3180
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
                        3⤵
                          PID:3636
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
                          3⤵
                            PID:2776
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4952
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                            3⤵
                              PID:2876
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
                              3⤵
                                PID:3320
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,14484556668790978585,16521379000123306137,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3256 /prefetch:2
                                3⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4036
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1492
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:780

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                efc9c7501d0a6db520763baad1e05ce8

                                SHA1

                                60b5e190124b54ff7234bb2e36071d9c8db8545f

                                SHA256

                                7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

                                SHA512

                                bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                Filesize

                                201KB

                                MD5

                                e3038f6bc551682771347013cf7e4e4f

                                SHA1

                                f4593aba87d0a96d6f91f0e59464d7d4c74ed77e

                                SHA256

                                6a55e169bc14e97dfcd7352b9bc4b834da37dd1e561282d8f2cc1dbf9964d29a

                                SHA512

                                4bee876cea29ad19e6c41d57b3b7228f05f33f422e007dc1a8288fd1a207deb882c2789422e255a76c5bf21544f475689e7192b9a8a80dc2e87c94ee0bc6d75f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                216B

                                MD5

                                ebc9b2c227077e634d2c824b8b362331

                                SHA1

                                c68a586a1300bc47292889274f27b0d057d0dd25

                                SHA256

                                6dd7e849df702d39f3d89b79c489ae5df0522c50afbd5921d4a5432d578bbd83

                                SHA512

                                b782ea72a36a53f825b46e72ba9bb55f9ca07c7f97e85c4a7c686152e572a6942b3c8e0f8f72855a06bf54d9228848fd8070ed62838c9df6e05be7de1e52e2de

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                955B

                                MD5

                                fbe805aeb4c9f327c8a10065fc08ba1c

                                SHA1

                                23af0f534485486b907b849e956a1e6fa94fef15

                                SHA256

                                1996827eb4ec68e5ceddc06d73711f64588028fce3b5df87178155e96a294bfa

                                SHA512

                                e18b3b3f988d8518964c4c75573c02b3d0378739b05aa15b7094f2693d0c4614b34c7153f700a7824243ada8c383a6b9623f8b31f8bff8b587f159ac6493219a

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                111B

                                MD5

                                285252a2f6327d41eab203dc2f402c67

                                SHA1

                                acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                SHA256

                                5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                SHA512

                                11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                2e10f45b44f77c3622de77d674bb8b2c

                                SHA1

                                ce66d4608ec9724fc4df06b9bea4d60277e5e747

                                SHA256

                                7b40f9265a6516bf4bbca55a51d883a906bf582fa1ffaef43ac245388aecb128

                                SHA512

                                0a8f93b95deb206ef84d96eea0554d378f84608ff9747557710e6aace284f6d36c79143a8170abcc22341f2eecddad06a5c0ba369cbf843732702c2b13608489

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                37310b6dec01e61a830e6ddc6908dd12

                                SHA1

                                fe6a51b91a5a2abfbebbca68ac00f5006dcc77d5

                                SHA256

                                2b5aa5fa499c7c303bd746214ce23626caa72f902f8865595c1b729b4530f049

                                SHA512

                                126785defe2398230dcd61a266b8ef812443c1fc4619c75bc43a99c7dba9a73df49cdfbff05c14aa54c91d5f7d9fe3210b59b85d17e6b4ababdee9551c489f0f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                Filesize

                                24KB

                                MD5

                                121510c1483c9de9fdb590c20526ec0a

                                SHA1

                                96443a812fe4d3c522cfdbc9c95155e11939f4e2

                                SHA256

                                cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

                                SHA512

                                b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                d0cf914250098585671ef21d6ad6dfa6

                                SHA1

                                3bc715a1b77abab5de1014cf264dd3ab4cf7ad81

                                SHA256

                                0ceca35cbc23bdb5993389ce0c7db7f2bc14bd7f8442fa3960336813e18e9575

                                SHA512

                                7c91cb25c8f4a613360c617ef42d060e3af207159c2aace9adef64382e9f0170beda993613b25c0ca15248e3ae86a59dde4ccf622369c9f86115b90feacdf022

                                Download Submit

                              • memory/2876-35-0x0000000000400000-0x0000000000473000-memory.dmp

                                Filesize

                                460KB

                                Download

                              • memory/2876-0-0x0000000002320000-0x0000000002321000-memory.dmp

                                Filesize

                                4KB

                                Download

                              • memory/2876-1-0x0000000000400000-0x0000000000473000-memory.dmp

                                Filesize

                                460KB

                                Download