Overview

overview

10

Static

static

1

URLScan

urlscan

10

http://sexyleakz.com/

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-02-2024 13:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://sexyleakz.com/

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://sexyleakz.com/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf86346f8,0x7ffdf8634708,0x7ffdf8634718
      2⤵
        PID:232
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1772
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        2⤵
          PID:1616
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
          2⤵
            PID:2372
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
            2⤵
              PID:4304
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
              2⤵
                PID:3332
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
                2⤵
                  PID:1372
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4856
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                  2⤵
                    PID:4380
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
                    2⤵
                      PID:4940
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
                      2⤵
                        PID:4140
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                        2⤵
                          PID:2768
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12195273456262996046,15681643435240563028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                          2⤵
                            PID:3768
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4492
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1352

                            Network

                            MITRE ATT&CK Matrix ATT&CK v13

                            Initial Access

                            Execution

                            Persistence

                            Privilege Escalation

                            Defense Evasion

                            Credential Access

                            Discovery

                            Query Registry

                            1
                            T1012

                            System Information Discovery

                            1
                            T1082

                            Lateral Movement

                            Collection

                            Exfiltration

                            Command and Control

                            Impact

                            Resource Development

                            Reconnaissance

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              f4db60c9bb06ea5452df26771fa873ac

                              SHA1

                              c118183a1315a285606f81da05fc19367a2cdfe1

                              SHA256

                              f168242e74bfde18bacb9e18945a39bb447188eba916c7adf0f342ed8d82281e

                              SHA512

                              180ed98f9d5a14a22687a099c4a0ba6b586610f7b8b4c8de89f3b91713b07a2ef3726fcd318cb4e270b1745213b898037d29cca4b490d0c91833b797d69ac406

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              f5b0bf4edca2187f7715ddd49777a1b2

                              SHA1

                              eb78099013d0894a11c48d496f48973585f0c7c0

                              SHA256

                              562016f9159ef363fcbe62ed13ee26052b31d4f67dc5ea6d60864a7d5dfa50a1

                              SHA512

                              1039b98cffd32ca4c9e37486b96e01b167d76b19dd8440a21da4932d677c463f4c5ce2260239e8337f59bd61ff3111905e23ab71d3ca5b20e7d2935fea7952c9

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              192B

                              MD5

                              0c91e5b090c00175f996dc1b770a94fc

                              SHA1

                              6ca31f8b5b541315436e43142d4e19239fddbacb

                              SHA256

                              dd251a223a2616a62fa0b4ad5ff8cbc703685b31cae121bc7c1e6b83ddc8b2ef

                              SHA512

                              0d22bce82928ab944f1f2c79004863e2a2d605e7324bda966d7ea8bf491dff0ddb8d596a8d26fe48d4f90d5adabb1e97cc5a2b7443c95428335775080654652a

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              596B

                              MD5

                              3ced1ebd77b886713cf727d3ba4533d7

                              SHA1

                              ed307322c20245afa1478015b0d6e30126c4d277

                              SHA256

                              05e4b9d5391f7407a72993f4e3ddeee9f1f096d99d45b79eabd6809f68017509

                              SHA512

                              1f808770c17a3f1b4d47bb4f193dcbfe5546e05964410cbf6bb0387cd49680e78be22e73f143c24acecabc17663aabe8029648d4a7ff3550693281ff88b6a568

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              f1d5612f88192adbc2b153a6af190ad6

                              SHA1

                              bd6438f9b633367abb6ccdaf826cba706286c3de

                              SHA256

                              26fd1124972c16f9bd0516ed5c6c6b8bed015fc953372cb5959a710eb27cd9e7

                              SHA512

                              201d64b35db6e4a6be1f2340dd49172aa1cc73d3fc277141521e0b1354be6e79d2523ac2d0cc8245edad441a8fce59a8774f9ed6b2c5d16fe0e724c3829ff1ff

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              24d9557d9db28d011ea6ff9dd9cd2bfd

                              SHA1

                              c27404b81dfbec1e07bb5d05b5ffe3e905ae3a49

                              SHA256

                              d15580f4539a02f40bb98f659eb4d83c92065fc37d53716f3e77e877bd76607c

                              SHA512

                              e0fc1a988cee1daef00e3be53e4dee3a36cc95454f91c23b1af0978a5d4f8e6ea46c8d5c8a4cd697c4915457605ab1f08ecb1b28222f973c74e4d905ce3595c0

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              0d800197e76aa04b1ac62a97bb1ea4ff

                              SHA1

                              bf932114016407149f47b7892415ad8c6cf0e1b0

                              SHA256

                              a7e88de25cb2a6c5c302766bc524d0f5fb66e78033944848e9934f9d6175d54f

                              SHA512

                              a0b56082c012d808ba9f3c843cb3af210dac269cfc9e90531780c15983c81d19c069c56f614d822ee9c1faa1e3f7d547e45d0619cdd0c5e5d052f643e1730fac

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              7834d61ee0088890b94402f2ac09b383

                              SHA1

                              620cd6b95989ae745b30da07580b5e2dd5b3595b

                              SHA256

                              9e831466e6900ae772173d7dd10b86f44305a101f3be91a19a9fe9d40cc2cde2

                              SHA512

                              3353af400e72c44d1ce0bb17b2af3935d42401b652396c1d315acd1df27284029799a2b136da2480d74bcdd1f1c388ab510a92e5ebb3c5a6fcfadee0303438eb

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              33e691eeaa1cf130c672cf0f0aa2c408

                              SHA1

                              fb5a0a66d762d16dec0da0ce6ed3adcee64d1184

                              SHA256

                              36d9a2aa7c33c61828e2a24dadd89ae1acdc79336d940359fb646b9b17503a7e

                              SHA512

                              bab7c2121ce21708cf55028e3e4e830f3bb865fd53cb4ed49aebe69784f12f3398d2639d9b0813e72391e37c3242852f1c21221a3be495d6757fe5cda6604a8e

                              Download Submit
                            • \??\pipe\LOCAL\crashpad_2688_DJXLDFIHHJIXWWTW
                              MD5

                              d41d8cd98f00b204e9800998ecf8427e

                              SHA1

                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                              SHA256

                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                              SHA512

                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                              Download Submit