Overview

overview

1

Static

static

1

URLScan

urlscan

https://chat.openai....

windows10-2004-x64

1

Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-02-2024 20:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://chat.openai.com/share/e4c3b4df-ca92-46e4-8774-46bda5b52bd8

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://chat.openai.com/share/e4c3b4df-ca92-46e4-8774-46bda5b52bd8
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4600
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef72146f8,0x7ffef7214708,0x7ffef7214718
      2⤵
        PID:2908
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10445034268619037420,188573042957301647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
        2⤵
          PID:1688
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10445034268619037420,188573042957301647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4092
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10445034268619037420,188573042957301647,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
          2⤵
            PID:4492
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10445034268619037420,188573042957301647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
            2⤵
              PID:1560
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10445034268619037420,188573042957301647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
              2⤵
                PID:4924
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10445034268619037420,188573042957301647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
                2⤵
                  PID:3472
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10445034268619037420,188573042957301647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
                  2⤵
                    PID:2156
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10445034268619037420,188573042957301647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2604
                • C:\Windows\System32\CompPkgSrv.exe
                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                  1⤵
                    PID:1280
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:468

                    Network

                    MITRE ATT&CK Matrix ATT&CK v13

                    Initial Access

                    Execution

                    Persistence

                    Privilege Escalation

                    Defense Evasion

                    Credential Access

                    Discovery

                    Query Registry

                    1
                    T1012

                    System Information Discovery

                    1
                    T1082

                    Lateral Movement

                    Collection

                    Exfiltration

                    Command and Control

                    Impact

                    Resource Development

                    Reconnaissance

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                      Filesize

                      152B

                      MD5

                      4d6e17218d9a99976d1a14c6f6944c96

                      SHA1

                      9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

                      SHA256

                      32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

                      SHA512

                      3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                      Filesize

                      336B

                      MD5

                      9d0c0cb6a76c6ed9dd8b9d8bb6a6ab2a

                      SHA1

                      c69e37cab8270e8e1deb54029047c5f9b1ab0d70

                      SHA256

                      9f95797c509c1e38192f7f8af5bf1805a2f4ea3051a05af8f2bb8004495a0e66

                      SHA512

                      bbc91d0bdd36e4a8ee7679daa28ac332dfa29352f33245598a6f599962266c3cccdc7884e1b0dea15a3bdc7c77cb7b013ac5e3b318d1e289ad29e3683b0b8c86

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                      Filesize

                      1KB

                      MD5

                      5a92191ed64ef26cf7ceb52182304091

                      SHA1

                      ba5bbb21fa50077fd6915e31110c74f3027d3f39

                      SHA256

                      9ea86aff14a14091d14e5bd23c5a4ab5931ea354b68e3774f3707b05d30fba6a

                      SHA512

                      3390503c61d7767371f70d6851191b69f0fadda5e52ff6b4e652d10de4690ada74de5258798391277758aed2a96f97833f3110890ad4a328dd53ba076dbf2a79

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                      Filesize

                      111B

                      MD5

                      285252a2f6327d41eab203dc2f402c67

                      SHA1

                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                      SHA256

                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                      SHA512

                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                      Filesize

                      5KB

                      MD5

                      d24fefcb872dd8f07de4f39f06ad9dfa

                      SHA1

                      08d0e48167cf643b936a8369234b4399e35f0fb7

                      SHA256

                      67c7676a25a95d1703d3b617b190d0ee373af2e5f16313b6b757586d44e6b1aa

                      SHA512

                      d96ce546a46760304b549705fc6ac96ee97713a6d7846cc492203849da25e4a52ba47f686aff4fd1126e1ad432fc1ca763e3f432488f4125e00725070a796d03

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                      Filesize

                      5KB

                      MD5

                      f35a5cfea8ae3577c5e191e412e5780b

                      SHA1

                      4d986d9a144387cdc7804087a3c1dd198ddf974a

                      SHA256

                      0560e6b48587b7ecac07280b9199da3de2321e7381a62805e477cc7463b8322c

                      SHA512

                      7adc78f81c01cffa076455ca54a41dbd0b53fae1025dfbf4d4b24ac1d5e21fe9007e997b6e22f9bfd4be0f2797faedd12dd922b7943354cda62abdb351edcb68

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                      Filesize

                      6KB

                      MD5

                      6c8373dc64f62c68d5346511a6ef3eac

                      SHA1

                      88d764625996747cb2313d4f48ec077d60bcd96e

                      SHA256

                      7089ed3a2a1cf66bad5a94915e4c776b4d787411874e0f510597338c03e0bfca

                      SHA512

                      8264d5620a318f9413f0a77cee5ac206818c1e7b36b9636a8844b2a06c938a4fb4cfd9819b54183cad53b72e7ca0b5e609ebaf795e5d738e8361c6e5ab2de873

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                      Filesize

                      24KB

                      MD5

                      c2ef1d773c3f6f230cedf469f7e34059

                      SHA1

                      e410764405adcfead3338c8d0b29371fd1a3f292

                      SHA256

                      185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

                      SHA512

                      2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                      Filesize

                      702B

                      MD5

                      6c4b971923b5240db41fec7d2bcb6a5f

                      SHA1

                      fa51dd2b1a5a27568c4f5de230c3d936e2eecce6

                      SHA256

                      a5fb8bc727dd4b70e00f1bb2f03861216d7227755a80d944a7f73e1bee058db7

                      SHA512

                      ac1bab87ee6ccdd43b33b1fb3e769e053cb967666bca24b31d77519ea56538c54247420646877a213dd508f13bdd0e7653c106e6e92765c2d2a196f29a218e08

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                      Filesize

                      702B

                      MD5

                      04d6c01eb5b513964741c6473412492d

                      SHA1

                      ce3203a470bb022c8f997a324eeaa1e2ce9b157c

                      SHA256

                      039d1b940b5dd0606718eb9872f06fa4386a181e0e286fb8847d9c5a99485542

                      SHA512

                      d7d2d53ff582e97381fb657a58a450b59d41306f7199ea47189c5fcdd1dd025857e2f26156d8e23113e2b6dcb4ebcf13f760021f12179d6127876f3d1bab6d0d

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a24b.TMP
                      Filesize

                      704B

                      MD5

                      9516e350a6fe9a24be5f1fece8d78d3a

                      SHA1

                      35e1d8a6339e6dea611a041c755d4a959ad8c086

                      SHA256

                      c802af537b2f7517787857098c8ffa620ef29fb7e8a596a661c5f1422c6f8690

                      SHA512

                      0aa133203941e346cfdad138a3482553fb2202aa956f0614fff1d999b405061614132a7cb1af55fa413dff910e0d260eab4a92e84ad63e11dc2b133b9572cc5e

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                      Filesize

                      16B

                      MD5

                      6752a1d65b201c13b62ea44016eb221f

                      SHA1

                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                      SHA256

                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                      SHA512

                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                      Filesize

                      10KB

                      MD5

                      24d77f077aee5adf99eb3b53734d140b

                      SHA1

                      3b9dd257d6f1e415867d7c47a0b6a9dd2958afb4

                      SHA256

                      df9d2228fd487beb908e56ec09d8cf3cb53b09c9c9d49214c80b4bcacb87fdd9

                      SHA512

                      431e35a7cd439e38db050f8a7f25986191790e0c6b6aa996e76c619a6c4bfc5a9b1218f1603ac2b51a1941bf4d5b07726638cd267b8830e274d9e1d1a8d4a038

                      Download Submit
                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                      Filesize

                      10KB

                      MD5

                      3694732509c9e1b73bead1a97e99be6e

                      SHA1

                      460154a2ca0b37b8a19a199a5e70c55cc8772745

                      SHA256

                      0536e9a6fd36acc403c0f10cbc1cf2d0229079bd1b78cc53428a833199423ff4

                      SHA512

                      4140e437ec3c92c992b7667aa2b75275a85b3e730129fb2d9691f476dcdc7ae2a291863e862e24b1affde620e85374701cb11df78f80b58899a4c8304a137ef8

                      Download Submit
                    • \??\pipe\LOCAL\crashpad_4600_TSGVRRCIKBPYKMGM
                      MD5

                      d41d8cd98f00b204e9800998ecf8427e

                      SHA1

                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                      SHA256

                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                      SHA512

                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                      Download Submit