Overview

overview

1

Static

static

1

URLScan

urlscan

https://www.google.c...

windows10-2004-x64

1

Analysis

  • max time kernel
    86s
  • max time network
    91s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.google.com/search?q=breckie+hill+onlyfans&source=lmns&bih=1291&biw=2519&client=opera-gx&hs=dHR&hl=de&sa=X&ved=2ahUKEwiEg6u588KEAxX9qf0HHfn1A-kQ0pQJKAB6BAgBEAI#ip=1

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 52 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdd21746f8,0x7ffdd2174708,0x7ffdd2174718
    1⤵
      PID:4068
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=breckie+hill+onlyfans&source=lmns&bih=1291&biw=2519&client=opera-gx&hs=dHR&hl=de&sa=X&ved=2ahUKEwiEg6u588KEAxX9qf0HHfn1A-kQ0pQJKAB6BAgBEAI#ip=1
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4772
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4792
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        2⤵
          PID:4080
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:5008
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
            2⤵
              PID:4536
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:1840
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
                2⤵
                  PID:2748
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
                  2⤵
                    PID:3920
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4616
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                    2⤵
                      PID:3376
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
                      2⤵
                        PID:3300
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                        2⤵
                          PID:4344
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12951115853478532770,4408885793664286622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                          2⤵
                            PID:3124
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:2592
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2176
                            • C:\Windows\system32\taskmgr.exe
                              "C:\Windows\system32\taskmgr.exe" /4
                              1⤵
                              • Checks SCSI registry key(s)
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:3648

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              360dd5debf8bf7b89c4d88d29e38446c

                              SHA1

                              65afff8c78aeb12c577a523cb77cd58d401b0f82

                              SHA256

                              3d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef

                              SHA512

                              0ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              6fbbaffc5a50295d007ab405b0885ab5

                              SHA1

                              518e87df81db1dded184c3e4e3f129cca15baba1

                              SHA256

                              b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6

                              SHA512

                              011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                              Filesize

                              195KB

                              MD5

                              873734b55d4c7d35a177c8318b0caec7

                              SHA1

                              469b913b09ea5b55e60098c95120cc9b935ddb28

                              SHA256

                              4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

                              SHA512

                              24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              120B

                              MD5

                              193edc04fbdda9b86f8f46e1cdfedef3

                              SHA1

                              3518ed476f940fbc2c77f84f1875f3994817e574

                              SHA256

                              776e8250d419858512adbd6d108034e5c5640ba557305cab82cec46299725226

                              SHA512

                              fa1b90bbc449af52a5318f557897e1de109c9fb24f227fb45dc277c34b53cfed814bb1b8b98b1dc89e4b157c759cabbbf01ebc2c60fd0ed71969d74a839d3b3b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              120B

                              MD5

                              737bc175340811515e084adaa7cd8a0a

                              SHA1

                              69807bdb953a2573a32ea81ea5eaebdcd190fa5b

                              SHA256

                              c78550b78fee49f9610148e31e98f7cacbce404c8d8ea9af54a9553becdd09f4

                              SHA512

                              24685715770ed816e3083cea5f111b2da94ec65b52216643e8ed1e4b8c17ec57c46a7d902c6f9e5ffaefff0c3cfe875420dafafa661b8e4807146c9d2d105fee

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              815B

                              MD5

                              13ddc76cb6774152c6b62d3ce98cb2ae

                              SHA1

                              b078277816dfec73c94c7e648d85d56d8ceae2e3

                              SHA256

                              4d047f6ed7c9f2b9fa33fceebdad0e9a8aab43cb858824a7d853b4457c805841

                              SHA512

                              9adab4f6d2bfc739e7f3da8e3c446c1cb733c81e3b42dd6bc5af3fbb64179da551a6e10c8e62dd7d3a8b6cd8fabbdcf9e955a60c0c5fcddef68cd4a8efb991bc

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              06bbb7191d9bb6ebe1593fb0758941d2

                              SHA1

                              4ef65c28247684afb4d3876cc9f6cd532094fdb2

                              SHA256

                              52f1e0e7a92eb11abfe60dc2cdb6e8d19325f6a9ba71d517be33381157234448

                              SHA512

                              fb0968fb61901f21a8ebb18d70d962324a6df86e737fab4d77cf5ea4fed0d9b42e44ee150273e3cf5de86932d5d233d43e758447f5b85c5c3c29416e3b599fe1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              6028f1cb32de626e0c38099da15cb68e

                              SHA1

                              b0d45050a9c7c78013db58833a6d322bc45ca2e9

                              SHA256

                              f7b86c2c552020b3b51ccdbb141cf31a6be552c80de0821fda975a6ddac48be1

                              SHA512

                              693c748b91237042344cb3ea68aebfef63a3ed85f8e8b27c0a04dc8df2ba80477dd107d1266c436b131127d13374b4791b2fed0ab18a32b92884be70d4ae62c8

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              04bcf273f1fb3f68b3d4e22c12657b44

                              SHA1

                              cdf6d2469e19cb46312ede264fa2e4e688309e47

                              SHA256

                              a2e31a4077fdf25c3198729fd420db59475ba94959fc5cc71bacc384e51c017f

                              SHA512

                              4d9770aba7cafd626feb4a0524563ec51179da29e504bea9dae27100208b275b8a5ec3305987ee25eee9187c54c6786c079bb40c00fe5a81f839b34838ce88e8

                              Download Submit

                            • memory/3648-41-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3648-52-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3648-51-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3648-53-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3648-50-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3648-49-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3648-48-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3648-47-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3648-43-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3648-42-0x0000013B7F3D0000-0x0000013B7F3D1000-memory.dmp

                              Filesize

                              4KB

                              Download