Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://gta-v.en.sof...

windows11-21h2-x64

Resubmissions

22/02/2024, 23:00

240222-2y24ragb5x 1

22/02/2024, 22:56

240222-2wynjsgb4s 8

Analysis

  • max time kernel
    24s
  • max time network
    24s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22/02/2024, 23:00

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://gta-v.en.softonic.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gta-v.en.softonic.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffd653cb8,0x7ffffd653cc8,0x7ffffd653cd8
      2⤵
        PID:2376
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1972 /prefetch:2
        2⤵
          PID:3552
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1124
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
          2⤵
            PID:3536
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
            2⤵
              PID:2400
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
              2⤵
                PID:1256
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                2⤵
                  PID:3348
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                  2⤵
                    PID:2384
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
                    2⤵
                      PID:2260
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
                      2⤵
                        PID:3716
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1432,1240710382159468684,9726970850055979574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4580
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:2572
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:5056
                        • C:\Windows\system32\LogonUI.exe
                          "LogonUI.exe" /flags:0x4 /state0:0xa3a17055 /state1:0x41c64e6d
                          1⤵
                          • Modifies data under HKEY_USERS
                          • Suspicious use of SetWindowsHookEx
                          PID:2452

                        Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                a0407c5de270b9ae0ceee6cb9b61bbf1

                                SHA1

                                fb2bb8184c1b8e680bf873e5537e1260f057751e

                                SHA256

                                a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

                                SHA512

                                65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                ded21ddc295846e2b00e1fd766c807db

                                SHA1

                                497eb7c9c09cb2a247b4a3663ce808869872b410

                                SHA256

                                26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

                                SHA512

                                ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                528B

                                MD5

                                4f2cb807e5ff2dacaa0b82a2cf7aebf6

                                SHA1

                                45f305fc208534083f5b21a136c5cac0a88a0dfa

                                SHA256

                                4b89a32b5e8bb4778103885b1fbb63e564f36bc7e3ed6d9c4c954624a441c959

                                SHA512

                                42046e1b6a5351762b8a99ae06a8ab2a64f54ce78971cba81a4cce49730b26ff138a71d2792c207fb1853b94c3d4c2d04a0aa23e2db65833d4e1de2638b22e5f

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                3KB

                                MD5

                                dedfb93170128916aea48d39fddbfb2f

                                SHA1

                                ae6bf3d7fbe6cf3cc5a1214aa067f9443b6db010

                                SHA256

                                05d190b57d70e45419c312c3dc764fe3aa4e03ee9644b854db5e85133e0c52de

                                SHA512

                                d5b13453885d22987f27c0230449daecb48d7d94ef1d624e73898bf4d2fba7a3df6116266b444b2cb236b1891bd025f44248f0e660d71aa0c28706b0acc7f222

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                14bbd807cf9a53fd3aa1439900894749

                                SHA1

                                80bc32d182b851f6be2edc37ef4f2e628fc9c3fe

                                SHA256

                                e6b4443d5643e2594603011487db4803e4b4d4d86c453b60ba87e7b74a3c7e12

                                SHA512

                                89a7d10e096589677cc52670594632bbd69496d0dee14e4637d105721d873d3cb634a25d67942dbc7e7392d4b4e5ff7793dbcbe5a4387a01c9df6a6ae84c2f17

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                8KB

                                MD5

                                64b5f5a901ceb32cbfdb04dc2013832d

                                SHA1

                                3604ed0d518525d110793d09e4a1fcb3c2236c56

                                SHA256

                                abda47bffd8530e25360aabe905c902c43bc5822459b85347e81ca89a2e3604e

                                SHA512

                                366c00f2e5e487ff29aea66167fc99aa9f6b0f7d78904de98eda1a47fd6857a1cd3e92d4e0da6ac8b3ec90c78a917dc1583d5a070e03f9a01d8313774fae3b8b

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                7KB

                                MD5

                                4848a7ad1e6aef77a4a1344def88e584

                                SHA1

                                9d3081e7329e30a62c9b6afd8861d89394c1cbdf

                                SHA256

                                58f4127453cd0a04122c6aad62233c771cbe8e2b66307c0b647cc857129613ce

                                SHA512

                                64a3e53cee1c5873b11c63e7e6a72acb3a4b7c0e60768dbfe5405ac7711eaf34e6a6a24ecec1c9a858d0ef0e62ac184f3abc104b003a5582b238defcb2fc2fba

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                4be1b122ece30102a9518a60684b78b2

                                SHA1

                                972ae0afa8cb6da56981baf1ba85a38dc4265a7c

                                SHA256

                                4a1188c494fb0534a3de1dfd3c681a43e33282d91b37c71144bf6d85f3adc438

                                SHA512

                                320cf45f4581dbc6d91425bea5db0df2a26c48e9231bfb73ad81a2d6892882eb5f165f1ecca98915a129b94796a6b41e38493bb20f1ce9c4ba86b10586c6179d

                                Download Submit

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                2b8d8ecb3fae18ea3c1636d88e5ec876

                                SHA1

                                0e3cfbbeb8778785959eb9a7fb4cd038598855af

                                SHA256

                                a75450b2cbac4193c4f9e1d96ef6c264aa7a46a4f37f5c6f36553986952d7027

                                SHA512

                                fe806ac33be5f19ac973c58be48312a64b9bf35131d4d2d9c1b3fcb859777eadb909e9bc07679928fb55c89d13c414902ac2bba2fc494ab7708ee9a7695d3dd7

                                Download Submit