Analysis
-
max time kernel
70s -
max time network
84s -
platform
windows11-21h2_x64 -
resource
win11-20231215-en -
resource tags
-
submitted
03/02/2024, 18:05
General
-
Target
http://google.com
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb9a943cb8,0x7ffb9a943cc8,0x7ffb9a943cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4000 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,14781768586010161036,5945569601631414502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa39e1055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD50307d75488a9def144d0373178e421da
SHA11e4351dd4a29b6340913848163b4df62628ad06c
SHA2569e1bd506806510408dcb9d5e1eab6672d905780282361f2b9974ab9a9ed1ab9e
SHA512993dbb0491352352ca89542922df735fc7b3cc0d14a4790f106c25ee9fd616d0722151d05e045ed5863e56b128c3308a561b958bbf5fe3bb87498e8a6d12a50b
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
4KB
MD52688ffa2ea8ab5dcab53a720ff7a7ebe
SHA1e52bb74c3de4bcf348f1bdda13646ec7ba697445
SHA25658e16ce9dd6c6ab0b7dc401b6c7188fd52169ed7cf5ce650e99c26dbd4db39db
SHA512478b80d57225d556a5923bb59cf87eb52eb0f4d275e15c7856b69f95a8d822e40b73df3855822d38c758da91e1d8c44066ab6796308ce2a7be964607176389ae
-
Filesize
4KB
MD5d91be20136a56637d0f317cee863b911
SHA174f5d5db04fbb6e3d5509db003dc1e69579d8a1f
SHA256f72e950d787a45ad73a1542da2fc0313a106092f3d5c74db66a7d87082a5e322
SHA512a5427978170e6e080ca7f42cb26ff0dd51694b09a01ed175b0784775d97f5ad5ffec324b0a1e5fb8bfe60307e693320f8685d312544dccc74f504f118f1cf623
-
Filesize
5KB
MD56f05450653c9466ba0f4dce7195e64d9
SHA1ad4970068e44e8eb5a8447fe9da0bbb0d1e261bb
SHA25603f9656a5264b97ba7e329cb4d679feb0e620805b8a7d5bf7829b1e5bc0b3b02
SHA51268ed56bdf1c7fed525010b6d8348e54dc78c233f13808e94dc4a6a1ccb4a5598f1b428b2c6113ba833f3bb9fedfba71cd4e4e877a0891b2d905a8dadb2e2c190
-
Filesize
25KB
MD5611330c89e5742509b5947bc6b0e0ab4
SHA1a341399d0f702e01a82a634f7cbf5324637b0ac0
SHA25612eaff7f42d1ec78ad12f34c9d9d317834fc5d816e5edffaea993aa6a156bc1f
SHA51220229524816f0e383c4b9bbea956604a6189a9663b45008c3353b565b8ae351c8720071f4624efa3f023aea3a7cf53dfd272321f9457ff83c0d6c0942ce4e073
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
3KB
MD52824d5298d78e980721710d775506715
SHA168e3454af1d9b9f54fc9b823b75ec60b1135ce5d
SHA256b76e96bd56d91b109ef500f843bec5ae5f26941127e40353ca19ab79ed3473bb
SHA512007986e809542f621952d3cf92d09e5b1e22f70b444de7356fe10a5fccff68391f7ec27b0e66b28b84d834f39685aa4f17ce3a9f7072ac43620fab51a435fc13
-
Filesize
3KB
MD5941e860b7a0f77dc20acbc41973257a1
SHA1b1c5fd6a957b8b02b3433c566bcdf37acc00a7bb
SHA2568265b37377e1f0708e64806d2820b15213b8884322d225ce089191845bdb77e7
SHA5128e7d960125876b2416580ca6a2776751a25953b6fb195407a9f214b51378aef422bffdffcdb554e67461dc71e6556fd5e7a95097c91bb65b3307c8bcd0149e3f
-
Filesize
3KB
MD55685e0269c1c7491833d4f01504c32bd
SHA1260dc46daf8deb9e60b97f153e2434263205cdeb
SHA256646ce02b5e22166664a09bc3c0f98b477108e2c670370174cfbe7fc6b8661f96
SHA5124c54134e25dc39804fc3d11c6a8408097b416a66519269c0acc56311ca9d4b326d8650e887e992f73967ff7b46f4579c2dbc5ed2aed1ee6796f4519b8736822f
-
Filesize
264KB
MD55d600df82176d86e393fa6c4eef40e14
SHA1a982aff582e8b7f375cbc35404ba1f0496a6bd37
SHA256343e343adeb6fa9e4b70b40ee3692ee089964d551c3f815c13910660e9a6b3e7
SHA512135513a52d77e8a04d93c30fcfa8f4ce6071eabdc1a07bd5f39b7a2162e95808bdb7fb175d1fcd8a4285c94839e35d72241e41d4a6f7f5b011fba530e9ed0019