Analysis

  • max time kernel
    146s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    13/02/2024, 21:56

General

  • Target

    9a01f00776dd73a6aeabe3a974bcc6ce.exe

  • Size

    9KB

  • MD5

    9a01f00776dd73a6aeabe3a974bcc6ce

  • SHA1

    05c28dcec446f225a465a83c97f6f7cdb705df9b

  • SHA256

    8b5bcc652274158d7665fbae9cafa0759c7e2277831429be1aef6799ed354158

  • SHA512

    48408a3ee6278d35330f0e2552f7c6dc50df6cea81e2aa1f2389948455a9a9cce9ac742cb56c019d4482eb0b06ffb94c5f95fcaeba77c8cacc8b8c2f97ea3b6c

  • SSDEEP

    192:ZK1EoLk55ujPZTgc8iMBpzEvXtdY62xX4gtSDh5KUpt3TFbJ:ZKqomQLZU3vBdEvXiXtSDh5DphTFt

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (10 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  • Suspicious use of FindShellTrayWindow (25 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a01f00776dd73a6aeabe3a974bcc6ce.exe
    "C:\Users\Admin\AppData\Local\Temp\9a01f00776dd73a6aeabe3a974bcc6ce.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\SysWOW64\explorer.exe
      explorer http://www.mvdesign.com.br/cartao0071873.htm
      2⤵
      PID:3936
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.mvdesign.com.br/cartao0071873.htm
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1592
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08ff46f8,0x7ffd08ff4708,0x7ffd08ff4718
        3⤵
        PID:4144
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
        3⤵
        PID:4884
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4636
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
        3⤵
        PID:4532
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
        3⤵
        PID:1372
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        3⤵
        PID:3964
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
        3⤵
        PID:1328
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8
        3⤵
        PID:4664
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4124
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
        3⤵
        PID:4448
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
        3⤵
        PID:3936
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
        3⤵
        PID:5076
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
        3⤵
        PID:1508
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
        3⤵
        PID:1148
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
        3⤵
        PID:1236
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10916296044468011452,225191522824984739,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5628 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3020
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4988
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:1436

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 1386433ecc349475d39fb1e4f9e149a0
    SHA1: f04f71ac77cb30f1d04fd16d42852322a8b2680f
    SHA256: a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
    SHA512: fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\785f9ead-2130-4fed-a378-01410d41bb05.tmp
    Filesize: 1KB
    MD5: b38ad8c4c49ecd92739fe42d9d18b6d7
    SHA1: 25e59914e8c6f34969050633fe210af73ff754f1
    SHA256: ecf5f6f568c061ba76b9b50f9ccbd0b7fdb5de75cd7dcacbb9757da4774c06e9
    SHA512: 75664ed7bb278b612a0493c77f6a72ceb9a75568ce92217d4eeca0a1ca2b6ca91a945b50b6e43d51d3b56f89f8207b7afa169dd62c766415e27ae4a8ace51b64

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
    Filesize: 195KB
    MD5: 37f9f074d65372720b0e3be717e3eec0
    SHA1: 5fd81326fcdf483b8e28b2dbb3d37f74069678d7
    SHA256: 065009b5c9da7dd68ac1cbcfe6f6ebb4d3b163f4912983308329fe9c7cbaae00
    SHA512: 0f522e6478162dd1df5c28a32cf72af59eb9659c450716d3326f427b74bb4450cce785b6b8cfdaec7d45feca1468baec75dbced2699fd5038c457f6e73a0576f

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 552B
    MD5: 1d2acad1775cd94df7edc1a598683325
    SHA1: cd51415cb0dc993ba7d4e5ed50d270154d5ec24a
    SHA256: 93c966363ac6c27fa1f13e0cd60c0c6978296b7c65527df728e711c78aff683d
    SHA512: 3c849fe1252f8e7503ca9bcb4cfa3d2e6849d1ee3bec3d7be6bba125a98b312ac43cef0b8efb23a935aefe41c2a97f25bf9a5b7c67c379393ceb78f214a3b430

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: dbc8de4c4eded8f2f897d587fc498029
    SHA1: 8e51ffe2c1b1799f73d959750943652904b86ffe
    SHA256: 3aaf141ce56f996a46f801a07e76f0511563b2b65b3b70f5bd01dfe19bfbf461
    SHA512: 040f96ec3a0dfa60a05d08d3050a4be193d38233815d3802baef8200be63438108fc1dae92978bb47cd37c1bdc65851faf41b581affcd534fb1df280ffbd5f67

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: dda445767cf10e3a823eaaa153fe7dcf
    SHA1: adf72f17efcfbd8e6179140eab75e34d7da0ec74
    SHA256: ca4eed16897f563d0e2e8f5658ad20978d8135a0bd4c06b0da7b82bf0ac99114
    SHA512: fef2f599b4c298215e270ebc7309a0541602e29542fe545924ec3d97c590d6547f6ed055d7d94f908e2c1eb39d209bd8ee427d9c3ca991a97d5abca108bc7e6e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB
    MD5: 908591f3ec01990de6a5899f65807bcc
    SHA1: 5f2599dba0ccd57b8a31edec58ab710fb6dfb67d
    SHA256: cd74671d3450fb6b8eb1ab81d2da7702c657364f7946e86adc4c0bb86aed6e70
    SHA512: af081d6bf8484179699925728f68d8bc1c801c22434bfcad14c8dbab039e06026b3d7858a2003306054ea5d3c0a5cbcf8813cc9bfb6420c70bc112d6814e9a22

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
    Filesize: 24KB
    MD5: e664066e3aa135f185ed1c194b9fa1f8
    SHA1: 358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
    SHA256: 86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
    SHA512: 58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 10KB
    MD5: d1bf1410615893b72d0a936493fd7afa
    SHA1: bfaf86582507cc0b8b5cc0134ff5856264ff5b33
    SHA256: 2f83f2c8051caed8f0eb3c7359d175a44f41d6dacd42526f2646e22801f7030d
    SHA512: d51cb2cb18d1e7bbc9e402b0ad9f786b32e8a2bffcb702d0d814adcb19543df817b54d9b757bbde9b8420587c7516489c8e1cd5a2bcab3ec8398c6dda75b9eab

  • C:\Windows Upadate.exe
    Filesize: 1KB
    MD5: 6960e4c0f2966460bfef4898b24a9c5d
    SHA1: 1bd4a3580627fa8b00f87f2fcdfee3903cd0acfe
    SHA256: 7290f5470333be96afa5279024779cf189128a788e424ab5b58a80b498c8f0c9
    SHA512: ab9015e3bc5cc41f12f6b2237b31a0ee291149adab1c0c6d6f1b7178ec8b146f062a3cc39efe84a890c8ca0c4805aeb3c3ce9cf8785a8ffeb64892301924a726

  • memory/2252-83-0x0000000000400000-0x0000000000407000-memory.dmp
    Filesize: 28KB

  • memory/2252-82-0x0000000000400000-0x0000000000407000-memory.dmp
    Filesize: 28KB

  • memory/2252-0-0x0000000000400000-0x0000000000407000-memory.dmp
    Filesize: 28KB