Analysis
-
max time kernel
47s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
22-02-2024 11:31
General
-
Target
https://envs.sh/QVQ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://envs.sh/QVQ1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8768f46f8,0x7ff8768f4708,0x7ff8768f47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5816 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5444 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,8436748059213271004,16709579014741033924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51f6d41bf10dc1ec1ca4e14d350bbc0b1
SHA17a62b23dc3c19e16930b5108d209c4ec937d7dfb
SHA25635947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770
SHA512046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54254f7a8438af12de575e00b22651d6c
SHA1a3c7bde09221129451a7bb42c1707f64b178e573
SHA2567f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b
SHA512e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017Filesize
64KB
MD5b5fe8b81feb1bcf925c614346c2b8823
SHA1cb8d75d266ebe3edead777a6a44ea147f0617e06
SHA25642fdfd4dbf6e5b5c3fc118c0fb0d3cfc378d49dbdffa9ad16bcc29633977a4ed
SHA5121e8de1b176d72fd0091417e7592fd287f3810e1d1d1abec5105be1b6c6021b0834952c6ebaeb2331fe57ba25eed416e506837c9fd45f57188ffc9df7c172f7c7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD565775449aa54bfb16d63234c58f4f01c
SHA137307365fd47ec8d46ee4d3db6e71d82bab1eeee
SHA2560734ac0469f11eaa6609507fd057cadf4fd69af7690dce62ed17c795d9d9fc98
SHA512b928c8e6434a5edf984b5e8badbfd138e296eeed65204d6dd9f4e0302886f678d6ac83c329589949d825a147a4fe34bc232a452aa53b648094f73707c06a5eea
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5e65182a802e1f1de301d2358ea394f44
SHA18e12cd46c1afc7c52e57727f36bf64f951d1b9ca
SHA256dae8b99398f77317c5a3dead666d1b37b6a56232d16bc4461cfcc8b744b79eb8
SHA5126a366b8a819b53fb1b9cadcf099af3d182dc88dac584b0ffc1c7c1e5a6609dfd06c4103897cc93130bd8bc0ad146d5224983ec5b1f21f026e0fa1e53bf5c9273
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5c5e9837e9af2d479ffccdd11305b8c7a
SHA1b15881e3ef4ebb7ca71e666847da6b181560fb31
SHA2567797ed0644df784eba006240cad266b32f7a3d6bac64b2ef41b31c7604132391
SHA51229051247957497fcfebfb0cb85d5f12c209e2e9a9b0c2eeeb5075e89c0f7716ab361e98a9c6b42cbc120d8cd994bcf803e49ed8c1e98a52162a07bf00ec29f75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5afce5ffd05dbb0f6118503c2a64b095c
SHA1d283c54c66f0cb4aa1ca493ef31a6484af396d41
SHA25646418c6a29b213c70f4b741161fd1e6d6cdc09ca9512b89cd1b1eca9b2ce8d63
SHA5124a3402588eee7e7a53399390423664baa674b3b896ea20c9b789295488f31165b617d6787be85852acca01b1cc2c5704e3d81ac0fa46ba55c1a6ba344a2c1b6b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c3a9a4e06b053b384dc397261bcef877
SHA18339596ff065a47a36c61de33329b49814970dd7
SHA256bd16eedb587657322b12ba1a6dc5ad6ef0ffdb97fbf1a0ebc77910cf346247f2
SHA51201381d0593eaa0abb90570b6bad73090bf1e1d000fa9aaeb282d83aaaa6e896a1196f9d44d2760af5f26354b7c1d418cf75f98c0ef940eaf5aaa22f7c2ee68de
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea31.TMPFilesize
539B
MD59f79a1bdbc257c7f5307be6362e4cb28
SHA1081eec12cbce6c6b4dc02e858acd2d9c80eb5d57
SHA256d38c964385de3b66eed6d4bfa9dfc4c02b87be6fe78438bb4b76bc2ef2bf230a
SHA5123351e0937eb776baebfb18e7ec8be62945f914f4e2ab8bd8d55355ef31fd72c2ca06d821d17eaee59161e861e72fc1eb21f9bd7eba3f1862df9c3a5212b7f76c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5723d400a1878ff9c7404f6f759b1726e
SHA17f4a205b79d0777c36de71047da343f37772819d
SHA2567878ba590b5ef6c6f520daf249e329c77f1611b3dfb16c3f4add21f48a1eda50
SHA512d26e3cf718b83087a5326afec4f308165cd5a413374726e01989c1b1538e8b769a23aff8420005b654212a559bf524b65c7d9ef8867cc557f36ab94dff63b7dc
-
\??\pipe\LOCAL\crashpad_112_ACSNOQRCJXLFWCWGMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e