Analysis
-
max time kernel
147s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
21-02-2024 23:34
General
-
Target
https://kyusodev.itch.io/my-second-family#download
Score
1/10
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 13 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kyusodev.itch.io/my-second-family#download1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc06cf46f8,0x7ffc06cf4708,0x7ffc06cf47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5132 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6400654121760404696,17254170003751406360,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1304 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Mysecondfamily-DEMO-pc.zip\Mysecondfamily-DEMO-pc\game\scripts\characters.rpyc"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F5EE4212C7CD518602DECC44B40B19F6 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4F468013D38072BF7B24C986D1090684 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4F468013D38072BF7B24C986D1090684 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:14⤵
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD591746379e314b064719e43e3422d0388
SHA165f1a2b5a93922d589142a6edf99b5b35d986dba
SHA2560b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7
SHA512a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808
-
Filesize
152B
MD5ccf8b7b618672b2da2775b890d06c7af
SHA183717bc0ff28b8775a1360ef02882be22e4a5263
SHA256ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420
SHA512eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97
-
Filesize
168B
MD54e5e7e875e1406dfe046b7b69741de87
SHA19e8dca38a9b39122b72dd80c6b188cdd16aebb31
SHA256235aac22ceb9c57f87e2a739ace4a80eafd2ba61fd161be9ca5da8dc7d79ffe4
SHA512e8ede0ac474970474e19763d8f612674fa7dd29341f4d149757b0e22ae1159c5569e0c5445a96638896e16fb2384ef429244c39de787a36e7aa2f4126e618f21
-
Filesize
192B
MD56144dfd15c6374a56457b08e1c2492ef
SHA13fa696814140c07e607a800f08167e781a9823ad
SHA2563fa64827629c64e11e22cad4146bf6be359a48f43634298df3f7fa1e2e4e779c
SHA5121156f4e6e8eeca9e301fb49b67f2aba56637175700f008b49e948ca87194ecf756a24bef66975b7f7db60982ad33b98cfe0193c2a2823a111da6ca819b3d09a0
-
Filesize
1KB
MD5a01d543b050e1e9654847379cbc41c96
SHA1f74c5d88a527ee4a2ee798690c2f5b5f7d171645
SHA25645b6b55eb660e7ef46863a5b550b0c73b805514bcdf867992a41ceeeaeb168ed
SHA5128b1c2845469f855f7454d5c60def4dcf141969036a9916eeb06d3c752f4abaecc65281cf13fa96f3e075519e15b46f0ec063478f254e76421f4086352d493ed9
-
Filesize
6KB
MD5ab4b7f0fcd98ab39400d681e0220f7e9
SHA1f9f4befa7d7dbd9fe686155dc8c9e4f71f2a8c54
SHA256ff3ffe136308e65d0b2064469ad5c822ffb677da0568dde639a5749838fc2633
SHA51230885e4ccd71b8306956ca48930eb9d5b015c7573d3dc8ae11df0b68a8015b94bdb6ff36c4d2734dccee56a617143f162210f346d958602de5e4dc0b88978af3
-
Filesize
6KB
MD5f5bbd776cdcc6640994a75dfc2e68251
SHA169241f0e6b245598817f0b7373e7bdfd2e10bacf
SHA256b5d41adc394a03f5f4a9073435c83ed9e52aa536f59f0bf51ea25ae4d9e2263b
SHA512ab0eed122519f442e1dfe89dd050660d4222c183559df7a02df50b0ca8433f0f214781e3244088bad19dda0620ecce55d480676f696353f7b9f146cc200d43e4
-
Filesize
6KB
MD526d7d1bb4afe3ed42dd0bb44c5bc926d
SHA157bc146430932ee07420abf7a6b599f155c95c50
SHA256dd11bcd673263326069b44abb81cf22787a680a620e2ee5e8e9c84ff7df10b07
SHA5126b05c95c65f48d733363b97988fc84347c57ab1feb37b0bfd80e5fe0d118e12e2e4a119b6419b6dcc1f74c63ec167fcd3116370f1a18a52dd1c63c49d410d557
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5bfcc54bb29307a062421b8c401133cbb
SHA1b73be96c02c72eb5e8b3a49275b2629e51e50d23
SHA2560581369d598c92f24fc9bdb1ec8ae8808471a312bb8ee5a9af2cc27a2450ad44
SHA512158236cd9f8078552a52a865bdbb0d1f03d889b5780c060dbbae62b8578e6c4f64156e525e10ab01d961177096472e2c6b0e832640c6bc68d5ed42c55fda3892
-
Filesize
12KB
MD5ba19618615d3dfad5ec32138cf76df3e
SHA18068b76a584b1fd89aa4ffb80d5601639a06f607
SHA2568785f188d7a91b4d8230d8a04f3716a50e8e667600cf1c4fca18c56430be0dfa
SHA51245c7ecb4f301f39f3beb1e25637c37b3199de5e5b95b525d55ad60d39f8f68809fb30fa1a05ccda57afde9182a754cad6ff6e5d327641b21fdc7aa90738777e6
-
Filesize
1.1MB
MD5240c09510a72f2a001e77e851b035e1a
SHA196775a5da9ea14ede531d40cc58a2565443b9281
SHA25600e20ad087f5041bcccff5ef255da625522234e497afcb494a084fe80beda368
SHA5121b8a5557bb64f5f57f45e7bf5879cb63ceecacbf14165ddfba874405611999b74b06244d87cd502ed7d615ae0725bd33485317087eea8f3b4bbd674ca27c1206