Analysis
-
max time kernel
145s -
max time network
204s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
25-02-2024 13:09
General
-
Target
https://u.to/9iZlIA
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/9iZlIA1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8584946f8,0x7ff858494708,0x7ff8584947182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,17240271072525247687,2665265609354493021,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1308 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD565a51c92c2d26dd2285bfd6ed6d4d196
SHA18b795f63db5306246cc7ae3441c7058a86e4d211
SHA256bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01
SHA5126156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ce1273b7d5888e76f37ce0c65671804c
SHA1e11b606e9109b3ec15b42cf5ac1a6b9345973818
SHA256eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c
SHA512899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
216B
MD58d6360880f539eba974cf511cc5daf82
SHA1025ac9b820260a27a09b8f4f2b97210ebd81c392
SHA2563c3a7cf5b69b394de029687c0624201ceb7a8461b77854cd8351ab04212e46aa
SHA512367ab40c68504abb72d434daa103de313b9a0d4914ea6f198278987fa243a9c4ab28cbfc39bfb1472f341487cf029c308bb6785120e71e61839dbb6c2c139149
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5c02273e31c7f6b0072fdddd3cfbae302
SHA1dedd8811a9aba3932c383fd71cd7bd5a9a0342d4
SHA25661564c1fc5ad3a47ab1f254c80f952171e6418fb0a7ff864a7a0f3a34d6a5aec
SHA5123dc6ba649be967d45af25cebd30cb88ca4599ccb59ac9b5141884eefe5042018810897a18743e92eea4ec409cba66eda27c3806f1fb42589e2fd2a804adc5f7c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD59fcd84a4d47e013d1c8b69dfcc5ab783
SHA143fb2ec160b312276fc5fcdbfc69728c0e8356d0
SHA256fd184254f58543690aa97aa40daf9fbecef73e75fadb6d6b7715e1f6f7d96781
SHA5123ccbe20e9ac11305023465ae81b7f0f86c39f955a0f8ac6274a11ff973097560b7ca8af6095d42538d1e67e51e61416e2d602c13f91ff28150d61859f0dd40b2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5ac91fc8701be9fe08a8855a2844927f2
SHA1b1bd7afe412f6cc7f2710f7cfe9d622bb8747732
SHA256e523d3c35afe8b015eb4bafbc55239d2e3eb1024e2d2ca1c5c7be6a20d992014
SHA512ee797e2618dcde5217a81404047717b75a78911a88c44e08efdc895c307d271d7b9c88a8e6c4fac2dd188ed2d9b6d113cf23471f8fa251e8fa8a83b26a0295b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD53ef568db7fdd946ec1da3689fea3a164
SHA117c4824cbafed968052f8c4cedfad527e9911e58
SHA25661d49bcdba98af21b315d46c65b1fd587d6ee8e0b11962a3ed9e1178c52388db
SHA5124dee653949320c6442548deecc0cddff47e363f75509e0537f42bf9219fe9385d02177468a8de1ba5d670923c85ae7680ec49bc62d86c941a7efb4dda600f865
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD59d0fc9c45d826a289b838507a3cb5091
SHA1dc69ea541bb31b23b9c9f88c4fb69be75031b17b
SHA2561f1f53f4dbd956733bc8612673bdf7ad599a43f89a0058e6ab7d8d4566a61a19
SHA5121d7368b0e22fab77ad0925ce54e51354509d51c01d5ac3ed2b24142e9e23a06594755b3e038c3a0597bc9e09fe7a2e8660467e6cbdc431961fdc90e1f8fdf060
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5603b624731fd22d37ffb63844491cef1
SHA1b3ab0de7f6f17682d3ebb2244025b92aa694c6d5
SHA256a60aff976a4c86ed8d0071b931d007f3cd92b8c73c255d918ba979b0332e9826
SHA512da2a4ac31e6828d248515aced593293e181f953867438200210dd4b9978a78b20f94bd8b77914e46f890a3f59d84f21d61efc14bbfad143324288429ddf36418
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5cf6c9d55f0ad4be7ab769e67ae1df80a
SHA18b3de32776735fb1be65387642400460d9ab6c6e
SHA256696dc0d28f834fa32c36aabb956a14e107208fe79fece0a9dd7cea292d475a6d
SHA512ddcab517a816967dec2a3a32b8d7ff163f787408555b16776e07be189a48f69933cd2713564e101d1d0131665d684fd907381d882a2fd9b9cab810e44720011f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD56bbef95b2b152c9224acb14d01cf3994
SHA1dd67ed636cde814be91bab08761342dd2249989f
SHA256d9d36e03661c96e489b3c898ddaba0b1eaf8bf5ca0b170da428fac56b1aaccde
SHA512e21ac70b617c0c427ac0e0b51a8e65306f230ae12ed7e097db6212e9932a5c6111e1e28f94234fca23e217bfb455d0872bca96ddd45df5aff7a4c79de5f73fef
-
\??\pipe\LOCAL\crashpad_4848_AIUVEVYXAFQGABJGMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e