Overview

overview

6

Static

static

1

URLScan

urlscan

https://github.com/B...

windows10-2004-x64

6

Analysis

  • max time kernel
    480s
  • max time network
    591s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-02-2024 03:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Bbalduzz/Valorant-Account-Creator

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Bbalduzz/Valorant-Account-Creator
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6a6b46f8,0x7ffa6a6b4708,0x7ffa6a6b4718
      2⤵
        PID:3332
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        2⤵
          PID:4260
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
          2⤵
            PID:1628
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1180
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
            2⤵
              PID:3108
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
              2⤵
                PID:3776
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
                2⤵
                  PID:2948
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4580
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                  2⤵
                    PID:828
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                    2⤵
                      PID:2344
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
                      2⤵
                        PID:1768
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
                        2⤵
                          PID:3504
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8459024223429488455,6055816467737574585,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1356 /prefetch:2
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3568
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2012
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:224

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            e189354a800c436e6cec7c07e6c0feea

                            SHA1

                            5c84fbda33c9276736ff3cb01d30ff34b032f781

                            SHA256

                            826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

                            SHA512

                            ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            b9e3e150cfe464e9ebf0a6db1aa5e7a2

                            SHA1

                            3cb184e2781c07ac000661bf82e3857a83601813

                            SHA256

                            2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

                            SHA512

                            f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
                            Filesize

                            78KB

                            MD5

                            f501b926bac85f05eeaae60d9291280c

                            SHA1

                            d289b679e5f67809b23f2a01b19423fec30a6d62

                            SHA256

                            7b8b3e5927e6b6bcfe7dee254b89f66050d7d7ec7c41853bef684feceb6a646e

                            SHA512

                            dd996e704d7346b867db363082d53872edab05115865601c9ad1423452485c825cc53cce2b7e7ec7f42b50d1038e4d99fa467fe79b98603806e01dc9211f0ea8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
                            Filesize

                            143KB

                            MD5

                            91c72152e71d7ea188cead8935128aa4

                            SHA1

                            da0660681b74df16af1737be23571ddbf4637419

                            SHA256

                            8a8be32d31dc6f8f5bcbc64c286ab56c038ab20357027fdaee1d8d6229b18962

                            SHA512

                            60eca19e235a36dfb4177861c0c0341519494ee48f0da2de96e763401fd7bddcf60418a6342c034b6d35b8d4e0a1730ee1bc4e77ee5d055748ae7e7e848a7470

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
                            Filesize

                            120KB

                            MD5

                            466fe27f2a00ab2463b5bb7d827812b1

                            SHA1

                            e239a67ae1084fa188c15bb25ea48cdd9db83e55

                            SHA256

                            ff34a2816c7558419b7acca3ac1671a8be677d2f32b81baf8dd1227db5af18a7

                            SHA512

                            8d0d6104a8615e776addd91880d2a129366c678c3f19412caa8de0fa2df5b71415deaeebb5914260a704cf2a75a6cd9df7b0f4f943263d279a42a1aa7194cae0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            1KB

                            MD5

                            2da465f4e6400d3ae706b7214748ea25

                            SHA1

                            1fa55805078eba128d2871403df78887af0662bd

                            SHA256

                            e88a671dc47fbcd72d7d747162a71877995092e958d1899807d5c7ff97d7af83

                            SHA512

                            fe85face78d3be16df30435e76c5cd0ba20eee520752830a2d416048fbdab67be8ab9c4ef2b1cf2d1177eed4750ec71ecd39bb55b2d66ac61ab92ea65821e1a3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            679B

                            MD5

                            7d11b28c0555ddbdc7935e9a2fc3e5e5

                            SHA1

                            5b9084f1375ee9fb032a9a735d6a1eda8e7c39d5

                            SHA256

                            25ce1d4dc61c9c2c6a91fd6085985afbcfd104be3f26966727e42c30b1961f3e

                            SHA512

                            e1db722ce54da55d33b554be689bd4b60537a59a72819727110cd826322214b63ebbb4474efffd049be244b0e25d1f53382625602b5a4860fbca0e1897afff4a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            7dc3fd4dedff5a6a29c00d078152ba33

                            SHA1

                            5b8f122ef370f7edc010c8b25fd03780258c41de

                            SHA256

                            29e79afb6ffd200be86b4b7d9fbaafdf042660c53040ab59bc16e17d57b2350a

                            SHA512

                            7129abf94c042dbce112e0438c733c415c53d0fa14d31daa42c4ba3758d8f2bbfffcfb1227b5d94b953cb0d58b2f5a0d4066d396a783290e9449ae515950a145

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            af6329c63afaac2ce9bc0b42ff33ec00

                            SHA1

                            d5877f964795c4396d73941f180bd45010814736

                            SHA256

                            ee3f1077721a7f2f8ca9a29426823464eb6576fc0e728c92d77e31c1738e5aa3

                            SHA512

                            0e79dad7d23fed606c0bf0857fd2565da1a528965136e4583aeb9dc40f8cef49168c17bfe93235d86195290f10763065b2d126c9247ad32b4cc8a970b9f66d9a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            b705e3f6b017e6de0e088ac6a80b8fe4

                            SHA1

                            2ac1bb90a28ad1b0f9ac3371aaf98ee601ac098e

                            SHA256

                            d042890aa34f13496208ca342cf716525c6257b8c4f7653f209df62baa64c226

                            SHA512

                            4021d52937654b8c89db135a4d09383a2a2b6f6f5039149915b307143bb4b35664acc622d15d8f209524e85c14b411d2fe73af1a8ec34ff315d864a4810caceb

                            Download Submit