Analysis
-
max time kernel
50s -
max time network
51s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
11-02-2024 23:17
General
-
Target
https://github.com/Bypasser1A/Mystic-Logger/tree/main/Mystic%20Logger
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Bypasser1A/Mystic-Logger/tree/main/Mystic%20Logger1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9954946f8,0x7ff995494708,0x7ff9954947182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2240,15372095998478863488,15218999336972602075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2668 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5bcaf436ee5fed204f08c14d7517436eb
SHA1637817252f1e2ab00275cd5b5a285a22980295ff
SHA256de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120
SHA5127e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c
-
Filesize
1KB
MD5a13e5f3e38167356880d6712204d98c2
SHA196af4877ee435359eed33a580102b4ee76257383
SHA2566747a4d0970f76778e6a9585bd9d2dfa5eb0f8efa05a1de6c73a2cfd29d23a76
SHA5129f1b3901cb212db15912cea0e323f354db83cd57796241c2057539bfad99b206ff41189eee18839a6c1f583ea12aa08b1783e0d89a5c683a16ab1ab6b629276a
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD532dc5c1d22490a4a247da8fbc6282911
SHA17fc02466d2f6fe375de95ed9db69f0df150d49af
SHA25691a4023c848941a7cf1008fe1f7d11e30556439053d09923b4aa3fa614e5590d
SHA51204c418a389fa78909feee14aafd82916b0177b9d2077514dbd0868377869b88b53a9890419d5559d14b145c6b7276e7fb11ca8e4332b8f84c3301a70221c1e41
-
Filesize
5KB
MD5d6ee4359d68e3cd68576fc6c1d8076b9
SHA1f4f6b1182a94caab1d0b6e5314bd066592a00355
SHA25684e8da8538468cc9d8be2f29b54e193ea1d5ec1b8d9cd3d4edec3fd38c46705d
SHA5120b2a09872c550edfaf7e1f968107bb4d01212c6274c5ea424299836d50dc9bb3ac87c108f25dbf71233f6382254c79b5c10604dcf7b8b807b80328cc97d912ba
-
Filesize
6KB
MD5de61e25e903819053d8c643b0ec24e19
SHA173a52c0762136e64dd8d3f23dd10d81c332de005
SHA256d18a4793228b578a3794947bd4ff062e3598c4d68d8a36c6b4c1c1720ee25c9e
SHA5127a558ab3f8d651f42d2f4c4f470325c7e9de64b0b09594bb9ad72ea517ed8c9531237c2c25ab65d62f7566aee31315ee5fcca5731c3bf725871397ae09b02784
-
Filesize
24KB
MD5b0ba6f0eee8f998b4d78bc4934f5fd17
SHA1589653d624de363d3e8869c169441b143c1f39ad
SHA2564b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f
SHA512e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9
-
Filesize
874B
MD5a6ea0062cf30a337a6d5de25bd81ee31
SHA1ce29e8d2052542ca57272990cb3aaba71de92ae3
SHA256603efabb63cbf59a213c54f5186fd119526e692b28df0065b2c939271fb378f5
SHA51248226e0590559b1d21af2ea7510f2ffc2574d6df17ff6fd9eb9ce4826c35cbf9ee4f29f5f2bdaab57db46a5e53833a5d1649743ec0f473f3b45e21f942362ca5
-
Filesize
1KB
MD5c13de258bf7519c0ed9b3c51f9da74c1
SHA1b1c2aad5fc3f321a73295c34f421d844e1bab252
SHA256b19d96db1f9fb13e8bd89282aab3d628c17bde689b346bc2111e30ec38989d74
SHA512589d640ff7737297d40d1a9e1d51dd99002bffda73a4ecf36de5ccc15a9e7a72bdc5fa82a4f46bafc9f9f2d036393d6553289e408359b8ae574cff9fe0e67b6f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD529b6a42a60e396aa710cfe7d1d0b1a20
SHA1a76a08d093f189a8f34e25e80d8025a9a07700a6
SHA256696ba7620eda3aaa4907745a59e4534747a04fe32a5e74208f4365e753d5ecda
SHA51201aa7dec9baeee53693ae8fc458dd114adf40c58b83831888b9529bc17241dec33023311533c6831458732d8357e99c720640c5a8cf048045d857145a3db29ad
-
Filesize
10KB
MD5861a5031609bd7358811ade010defe4a
SHA1c9e01895b4477b54ba8e0eda6e816644e6248191
SHA256fcab3b7a9034870b6e66790c39d319df8abeecd5c6738292e9068ba0428a0c6d
SHA5129559c4a7352303a30b7fd1a171912d16bef0ee0d02431025fd676e22778cb332e5d76474837cdf6964359041b83d24d546ecbefa0c9881d40d1caf1a3dce7816
-
Filesize
10KB
MD5c924255f9ee6fc074836152a01cfbf45
SHA11e0d6e6b64bd76ac9dd279db12b0a85b6726f3a2
SHA256fac41da0a6fcda35f07e26d2591d442cd97e3775e65832ff7eb2a8732f8a4522
SHA512b63942d31cf7e7ff974b1b96e573da2530f10aea745b2c07d98c8f2f767742bfeaa20a48da090c91bd0d4f9207a9e965e18d4807ef7521c62ecd451e65037b03