Analysis
-
max time kernel
142s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
23-02-2024 16:00
General
-
Target
https://cloudflare-ipfs.com:443/ipfs/bafkreigzy6i4gni6ooiwrikluydpi4khj7whwm2v33lm6psontrxgwvapy
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloudflare-ipfs.com:443/ipfs/bafkreigzy6i4gni6ooiwrikluydpi4khj7whwm2v33lm6psontrxgwvapy1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb53446f8,0x7ffcb5344708,0x7ffcb53447182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2724 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3688 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1876464226396022649,11644636853038714098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5360dd5debf8bf7b89c4d88d29e38446c
SHA165afff8c78aeb12c577a523cb77cd58d401b0f82
SHA2563d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef
SHA5120ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542
-
Filesize
152B
MD56fbbaffc5a50295d007ab405b0885ab5
SHA1518e87df81db1dded184c3e4e3f129cca15baba1
SHA256b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6
SHA512011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b
-
Filesize
187B
MD52633ad632f758aadbe228019695a4f1f
SHA1b7cd996ce3f0d6e0dd95a72e112a049673f11de1
SHA256a47ab53c920122c122f12960776a13514dc9cc047cbaf8d5bd2537727616e8a2
SHA5129d82b685c517743391f10b52f84bf6f9c2ac32bd8d65875c2a40eaba5bbb7799e218c7506f497296ed509a0592ba94d7ddde01db1ef3c9234c2c53e12fd133de
-
Filesize
267B
MD5592b44dd7850332c2d08c64e70091bdc
SHA1920a6d3802483e4009386eff75e18a010bcc06e5
SHA256621a9969ddb10aae2d53ac5e1b8bf54d111e308d4befa947bd4f41cf264384ea
SHA51240e1424938076b458d32ac8558fa6ef2110f8a6d3abe6fdd62e904a681d1b9db9e3bda588fff80cbcf79ec9d5be3587b5bcfdd8e377724d11852220636048c02
-
Filesize
6KB
MD5930e226ff50fb1786d96c84a7672bbf3
SHA1d12e0526a52e174c695d5d83630697a8eefa78a1
SHA2566c11dab994094b65d9edf03d5840cef52b86b9f33fbfa33e620ad9f8e23fa694
SHA5128df8d306f935b4d247ff089d3b1860b6905cb1bfbf2697cfd44adc3469e220cdfa60dba715797105d9b4b8d321f9f8ff4d581992a1eaf2175bf1d7f4155356ed
-
Filesize
9KB
MD5a6d5a05e74d1d89751614a3e11b359e2
SHA1e3cd2cd71eda448e6ddc54051e9179dbd64ed913
SHA25647d006151d271107c3ea1c07ce3c4195f4eefe271ac798f22ce926a5355e3c5f
SHA51225a3750b764bd624511e845e991e99a06bc0bdcdf600deeda753f742370d82d9db80ddd98e33b81162fd195fec14de975b317ef3ed6b6e8dd9444d7ba3e4aa68
-
Filesize
6KB
MD53e3c3becdff9188d52a1869ad695b2ec
SHA1cf84084e5e5ecde96de42831eba05012f5b8a4e6
SHA25622df74740091cf2035e926d925365dde17051b184ff80013b77e0b2ba3109804
SHA5122c84d907a73be72d01dc0c1591b60d95ab0478cb63188a8bc8bc840ab9d97bae256b45af990b858ca0fd43f544ac3225ecfdc822b5621f303f515834305a8cd4
-
Filesize
9KB
MD5a1a554e41539f706eb49d4a6b6eb0842
SHA10ef004eb20118e8c390919e99b2a5e833d50f164
SHA256e90d0b86e276dd501dcb10f88a005e60a16a9aeb7af58f127c75b67ad247f1a1
SHA512f017475eca1991062f18c132b2c40da4c7c2d569aafb6613ba2b5d218cd65e9d90d23daef990c630a7a4ff2c0ffaa4151a05bc2dd5b798ed2c36f4fa4cfd4877
-
Filesize
6KB
MD5ef78228c5f77e3f641eb92d165c48cb3
SHA1e924a09d900a9aadd4bed4a8b14b6bb7ed28d71b
SHA25602c8746a17b290bdd1e843af326e045c194aa2c66e5175ced562fb2e2070c516
SHA512ceb16a57c1e15f9653a0c65ef5f8ac81b624d3089727d6253cec107673d4486a9842e0299f74a9537a401aeeb855e533f2baf75711401af70a81fb598b2c3e4e
-
Filesize
6KB
MD54aff463ed635ee7a76c64b66167b8b1a
SHA1c73c6a833b7ef2ec6fc278bb90c55a32646f888d
SHA25674773b7c6f19b4a12013be925ce60a495c0bfdcc1cb7113760c4967f171048c7
SHA512fe1ffa489d0d992dae68fa754c55866a26058e2db7a1a9c1b13783a98eeb8579feb4efb024cb28cc5b791b2930cc91e2c0ed8c187fd546dc970286da74c7142c
-
Filesize
6KB
MD561f54bb782e4256dbe9ad6b4838b8be6
SHA1452f15fb318b4720496b5edae868b27078142af2
SHA2566d815181e84668cc5d58f2f05e80cb761c8daf911945175cae5ca46b3f746cee
SHA5125c972960f83e79d082da15553dc26914c238fcf6463c965a947989709b4a703e99bfad3cca67ae33c41e892c7b01ace8e2b57dff2c3fff240ed96b55e1d2e1fa
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD58c88d5b302eb499f668d989a9cf6995a
SHA1d9ee2365493c708db9155453e1a1158f832c97e4
SHA25646271fce4f0b3185b414e3883d86d5ca44f26dfb3b0ed38e66d2dd0d03f50bc9
SHA51271faffea20236fc835ad8c7c59e352782d8b63d17a045c82bd0f1df86694ff9feb5d28813f42850fb57ae072fb7f386df0a23834bf1d6831081349abe9b0b38c
-
Filesize
12KB
MD53185c6cea6b81b85a23fc162de0fa95b
SHA114607c8775c1d4e4f0ffda8e95f463f485c76853
SHA25628ba7dda878f31ee9017d7fc9d3d4172a294e6efd32ac77d51a07ea13663dcb9
SHA512bdcffa851910e98de87072334e34b754eb0785b26c55ba2648e9575fe20d97d595a83b7b1aea5e75ff78e87fdc4b27a6cdae643214c6a698946495296f6058c6
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84