Analysis
-
max time kernel
147s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
24/02/2024, 03:08
General
-
Target
https://www.mediafire.com/file/b10wd0yib3fx8h4/ValoPY.rar/file
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/b10wd0yib3fx8h4/ValoPY.rar/file1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dba146f8,0x7ff8dba14708,0x7ff8dba147182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15174939738305581652,930868555265666989,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5360dd5debf8bf7b89c4d88d29e38446c
SHA165afff8c78aeb12c577a523cb77cd58d401b0f82
SHA2563d9debe659077c04b288107244a22f1b315bcf7495bee75151a9077e71b41eef
SHA5120ee5b81f0acc82befa24a4438f2ca417ae6fac43fa8c7f264b83b4c792b1bb8d4cecb94c6cbd6facc120dc10d7e4d67e014cdb6b4db83b1a1b60144bb78f7542
-
Filesize
152B
MD56fbbaffc5a50295d007ab405b0885ab5
SHA1518e87df81db1dded184c3e4e3f129cca15baba1
SHA256b9cde79357b550b171f70630fa94754ca2dcd6228b94f311aefe2a7f1ccfc7b6
SHA512011c69bf56eb40e7ac5d201c1a0542878d9b32495e94d28c2f3b480772aa541bfd492a9959957d71e66f27b3e8b1a3c13b91f4a21756a9b8263281fd509c007b
-
Filesize
204B
MD5c264d8ac131d1c09bbde91fde62594ba
SHA1669cdde615e8654ac82c547070bcd131a788139d
SHA25687b74c1e261924c85f8f3dab24aafe953fda968f654b8415b50a45fc76661340
SHA51288f42a7cee35952da8d5ae6fdf582dc14570be9e97cd426465cb78fb8bf9385f04b85e687a20b2191aa6a8fb7774793e399ed6e906c5ab9cc92d1d0edf840bce
-
Filesize
288B
MD531b431760268cc6b091ae1c88f06baae
SHA16b14a298a5c4cfbb0fded933e669b3c62a0726c6
SHA25623941101dcf1ea4a3e979336fe5e5861365cdc21c9defa31edd8201feb10a1a6
SHA512bf9e475fe860bc13fed8d51ce2cfc66b1bc6a02da3007f21d2ef319e7e1b73ca2cc0220d714ba6227fb7d36db7a3e3d0f24a7e7cb99df13579a062174da18855
-
Filesize
216B
MD5130f258af46f222e7db27d2f168c7074
SHA1f7b4ea851d71cfd1f1bd04b54639bf91239224e8
SHA256dae876fa9dbe37a290519693acfa4a7983f87b2827de69abf47cc42feec87792
SHA512550e0b929d68605c1fbeb534aca1caf70919630abe49341598e19c147929759d6c6115dbf9611719d26ea60fa342cbe957b8d638e6ce9ba2e3f01f6826c43e9b
-
Filesize
1KB
MD5533668b31b06cb3e4a6a96278fa1536b
SHA1663b30e3414d54935dceb2a947d245941a9b80cd
SHA2568e2936991504ffca9b7117f64c617f56e7c6deb9059f1649e0130bfbc09452e2
SHA51259345a6c30cfa4a7ad912da010f5d8f80298273b7c0933b306ee688ffed90cfb0885ae2e19d7a419024b885c062bf66f814368d242bd78a5678d0af0d2dd0afc
-
Filesize
6KB
MD5ca4f7295cd36f2b463254ab874081129
SHA17ae41fddadaca63da97155e6b9cd12c8964c7133
SHA25692639c1296b7eccf8a113433131df6770b70ff6d60860e9e30a9723a4807d486
SHA51203e3db7007a180355f02b77fbdad44887235839c753febe3a15f9496fbb77a004bafa24042aaa9bee98ac141d4e9b0174e97d2f764b17ea10af96959e1ad21a1
-
Filesize
7KB
MD5e0508012130e2fd098b7710b3174d243
SHA1f65373e81ea05946ff273a6d8a2ab28bf9ed86f1
SHA2564b62989eadb9b082467728f45be0e1ef83d5d22826ba9f7bf405f0979407ca9b
SHA51271fc70a8f68aa262ab1d6c070f4a45c0e0c8f390167597b4fd2bb62782e89729c1bb732440609db59e581a2a834b97f2e883d87524a5f37e706d27cb057daec1
-
Filesize
7KB
MD5c568111d2ad66238a557e7f22875a00b
SHA10049ad8dfa3f9f9b9e43da572d9d193c9082d5a0
SHA256478f004a5c91f5d0925e276a226acc48f4e49435058030805d217c84239c2578
SHA5122f4bf2516d77d99eaccfe6d30aea572d55a8adf54d7da86e06a8f371a7d42dd53eecbc856137d3730eeb13c28ae91bd664e12572c60872a00673ee7bdf109dfa
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5bceb577c9b7a08cce47c9c4442bb0765
SHA1ffd1d19b00fcedd6a92e9dddaee4c3b50aac03f5
SHA25686ea3db161e873969d8ace1697124c6590d7acc81027a2a00a7c363e72d50f86
SHA51236530cdd338c8b7c8d06333a58a42727a8d8478b106e031b87c5ce44df78af47820f6b4a51963722a8f0a035d3a4fd1631419290f438b5b1f8c233378a99d6bc
-
Filesize
11KB
MD5af711909a6998fc5fa0c0509b1b7b3e4
SHA1dbd2a78f293185c62515fbaa9346455a99d4065f
SHA256d1505a0a5339bdaafd4bf7e64cf5b4836c1d90651e668ddc8342370ed228bcfb
SHA512c4b08dc3be96d991a8f6da8c9757d00661dc00ac29c9ae3b6300795815516f18aeeee83d215a1ac4b48be1265e2b26507651eb5690a876d7c771e53aa0caedf0