Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://gmail.com

windows7-x64

1

http://gmail.com

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2024, 08:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://gmail.com

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc458346f8,0x7ffc45834708,0x7ffc45834718
    1⤵
      PID:912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gmail.com
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5184
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
        2⤵
          PID:5148
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
          2⤵
            PID:5396
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:5492
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:5716
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
              2⤵
                PID:4808
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                2⤵
                  PID:2748
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
                  2⤵
                    PID:1676
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
                    2⤵
                      PID:1772
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
                      2⤵
                        PID:5104
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
                        2⤵
                          PID:5432
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                          2⤵
                            PID:2604
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                            2⤵
                              PID:1916
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13867835582826813998,15071423741440950102,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3692 /prefetch:2
                              2⤵
                                PID:5048
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:4812
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:856

                                Network

                                MITRE ATT&CK Matrix

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                  Filesize

                                  152B

                                  MD5

                                  3e71d66ce903fcba6050e4b99b624fa7

                                  SHA1

                                  139d274762405b422eab698da8cc85f405922de5

                                  SHA256

                                  53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

                                  SHA512

                                  17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  1KB

                                  MD5

                                  c1b11c2d72f2013e3af643fb2abcbdc0

                                  SHA1

                                  c2aa4823384781704b3ae41ead69e9fd4d0b875e

                                  SHA256

                                  1cbd32df7ec328d3eb5574242f30a7afd0a0ffd3fccd614a13d7bc2c3f775daa

                                  SHA512

                                  09f6a155056dfa02d6086918347b6a1a81d3976bc66ba61e85bfed1da3d2865f537e93af62da4addd3fb968d3fc423afe10cd95e008c7cb7aa4d25bc19f3ba63

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                  Filesize

                                  1KB

                                  MD5

                                  9066e934c164a9763a9173c7a8db062c

                                  SHA1

                                  c7de3768eca5741e514c7d295c98acd05878212a

                                  SHA256

                                  5067cf0d87844079618af4d1a40332ba90581d2bb2b9ea24decde51239e7a984

                                  SHA512

                                  351c37807d4c6b97b04098969a3847b0fe38668be986e22a7537ed65ec97a8dbb8dd10265750528c09fe46854fb75f2d765d1740112202d83e9704105f53d066

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  5KB

                                  MD5

                                  c0e523e57de0b025ecdc770094ec17e3

                                  SHA1

                                  ad0c24f8ce902b4a8ca048ca7aa593e32d09a476

                                  SHA256

                                  fbfeb2aef5d929a94f67cd2fd310ee08feb836db4599dc57e00182f4fdcd9c66

                                  SHA512

                                  68266dcc7210233290c3c1f14a40f7b42e1dfc54b2abc700f48648330aefa3fa439c4779bed204dcaee5e567dc4213057a42a78e306d0776149be2636f6dc19c

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                  Filesize

                                  6KB

                                  MD5

                                  768cc567740da516a2872bdb0391b7ee

                                  SHA1

                                  a11154cdd145c8603eaed6b66c976a168c241782

                                  SHA256

                                  ed5028da1f5ea46b978aee5542d696d070ee0d126fce61c8b1ff223a5d3a4d42

                                  SHA512

                                  d37009a9ce3dd57464fa5d66cfa8c567dde6f5de111f438a0ec01dada004c783369b8b6ebff054f418a0e89725cc29a0cd0f001e3856094d0dcc85b76aa22949

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                  Filesize

                                  8KB

                                  MD5

                                  75bd1672f1bba933eb41bec8e756a3b0

                                  SHA1

                                  2cb052fd274063d2ae4ee5dd4e5cc2f8c3cd9fca

                                  SHA256

                                  8fc718d548656c15caa0bc69d9bc4641cde7329dd511ea9953fb8e0afa2fbcda

                                  SHA512

                                  c1f9bbb966afe47df69e4705e6e58b4b27f4ec242340c0bedc43ee2e208beb4ab09942290faac037c7f9c09ba4bb778ab2dd587d1f8762f00a81d825b7f93451

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                  Filesize

                                  368B

                                  MD5

                                  e10ada9c8dd086588e574c10ea8aa0b5

                                  SHA1

                                  5a672cc8f9483b326c6874568313d6d2d52499fc

                                  SHA256

                                  6891b77845c289b2c817e8fd72963428b09b7515cc9bea33b2f24769a5719301

                                  SHA512

                                  2ec02cb90c07d1703b1b6654dd1048515e0354e8f376ffc3144db56ed5ed4f782bb59107d8c9cc423d3221d34417713940d1247526705988245a64d064607eda

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587bd2.TMP
                                  Filesize

                                  368B

                                  MD5

                                  37798dd7baa1b5631dc61b97688b3a36

                                  SHA1

                                  d11436b9bcc38033c3bd8f0a6098f686870732b9

                                  SHA256

                                  5c7cded74822f8292a3948a3a932d80f2bb50b973090b7aa55ddcada12761bfb

                                  SHA512

                                  f94f9cbd8765806754957def95649bf3289b3bf13e5bbacb5e6aaebab4db84bbef924449812fc372b7075900bae153811057936c6e1123242c16245a70f251a1

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                  Filesize

                                  16B

                                  MD5

                                  6752a1d65b201c13b62ea44016eb221f

                                  SHA1

                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                  SHA256

                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                  SHA512

                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                  Download Submit

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                  Filesize

                                  11KB

                                  MD5

                                  49a30aa91e1c8dcb8896024b29872959

                                  SHA1

                                  7f5cb871407be45a1a9a2ea1e0afe31591722b4a

                                  SHA256

                                  de0806e7f746e732867af350a61677864f70a21193521e639890b9f48797fe29

                                  SHA512

                                  cc6c429736606f57c93573656a89fbe2132a9113ee3fdb562936c60aa39f32870365af490f141c09f6334cfdb717ab38a455d15e5504edd12240992385991931

                                  Download Submit