Analysis
-
max time kernel
21s -
max time network
10s -
platform
windows11-21h2_x64 -
resource
win11-20240214-en -
resource tags
-
submitted
19-02-2024 16:19
General
-
Target
KUmoVO.html
-
Size
508B
-
MD5
b72d0f02c7aa85ea6567628f7d2fc557
-
SHA1
92a6617e3b99a90142f682a6572b8e8b8e77f802
-
SHA256
4fcd14588f0014ba258f62bc093a46a44c2eee649cc120908444957cdc66513a
-
SHA512
670da63993a919cf0c58c90763694348e82748d9245918c7927cae5ee74b05cdfe78d0d9c8b4ce7d090b1b9f545a384da4d83758a98abe792107dbdc9717eb0c
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\KUmoVO.html1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffddd123cb8,0x7ffddd123cc8,0x7ffddd123cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,14554585844440461832,14824737554877957514,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54aa37444d26e81e6f3837eb15bcaa892
SHA13d00127097989429f311f33daa8380ad7af4cb56
SHA256ab703e5dfb5b92527f094fad6ec479839375907700be9a2fd1c3cb9105f9e655
SHA512f21a34c234433a688602b2b56d6844f224641bea45b8585f77f4853e192107a65c5e104e10cd86c1d97ff41a22fd05d65224993803b22113ed0b517e686c5176
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5895ee3ae642b4f44068537dd8cbcb6ab
SHA13de5c527aa0ef50f292cd06f41046630cfb6f7a4
SHA2562a26952a733fae3aa95e05b5ca436f9a8b243150631c6db3463dd53ca8790ab9
SHA512ecd326283b0a71e7b8dab23268139f8b6f270bd5fa01c8bffa1913c0ca6cd7266e1fa50bec02e0245ea48123f69ff6c9302f036dffed6b682569c87bfa0af6cd
-
Filesize
5KB
MD5a1531f32c42fd22f702bcc989445bf3e
SHA1713cc481d9ede78f5d9f3be5e4ae520b01b387ac
SHA256905922061fec049d733653ec89fccf6873ebe5186b6f11868cd0c342137dafe5
SHA51289061cc2bab14182a5daf2926bfb1a5b65f9f37723fa186877fb7d4ca263d33715a8ea3c5582f5d030ec61736a16f4f7b87a5ee9e2c6e81e8231191fab36e89f
-
Filesize
5KB
MD5293547f9e51fd3009b055ca956a1b59d
SHA17f647fb19ea0f5fb8b680dc2744233b97c5e8167
SHA256ba5b39924e44fc124a5799c38f46a4312a02169e4cec94011757b84235b290e3
SHA512467f7d8cef08908695b8d1a1895136d946439c70e796b1de721d4b64fbe2edd0f5da46116de5f11b49c5ce1f21077f9cb097bc83a5e89e378e42f4abd61b2e46
-
Filesize
25KB
MD540833cdbd5d7994ce8fa41b927a81b3c
SHA17d0113a707e380a6c12a7581af0184b6e49ba481
SHA256857a656a5e259b4671d5778cf4c93bf038e060b195cb7e9fb3d9c5bf25c8f2f7
SHA51238d77bf562e1abeffd91ada2832a160d29509ed748751f43de43c5846c9fffab53884fe31b19ee7336c36557d726b9ff17dcdda0f311d8f04407e44748f2f4e7
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD58badd90712dad93c20dbad18b3ecb72e
SHA1d89ad93b85546e3f5df4328e475b66eea9d28b06
SHA256c5803a3d90fe8fc373ea85d46d3a10c555df198f3163aee3981c84d2f5c19ff4
SHA512377c44adbb0ed0f7b9950db9af14b3469847f49bf6909aefb88d6e5a6d2dacbff3485ed096b577b3a985f54c3af6d50cf893a7aee5276a1e281e6abb4e50b72f
-
Filesize
10KB
MD56e5573109189c09ff5d665e7db20a986
SHA1b63e40a4a10ce158b23f7694feca81d298da686a
SHA25633ea31dd81d409bc96da9558e5238ecff3d82915833ab1bc9e9c863ac48addf1
SHA512056a6a8627c2cc547030fce61ac5cae877a1044b1ecc80ece058f3f80250c5aedf812fca49d276fefde552ea5fdd26d18e06f1f825aecfee606c7c04560cc6c2