Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://u.to/xItqIA

windows10-2004-x64

1

Analysis

  • max time kernel
    164s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-02-2024 16:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://u.to/xItqIA

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/xItqIA
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3276
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd026246f8,0x7ffd02624708,0x7ffd02624718
      2⤵
        PID:4656
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
        2⤵
          PID:2460
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1580
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3156 /prefetch:8
          2⤵
            PID:1104
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
            2⤵
              PID:3880
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
              2⤵
                PID:924
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                2⤵
                  PID:3916
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                  2⤵
                    PID:2572
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
                    2⤵
                      PID:2680
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
                      2⤵
                        PID:4352
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                        2⤵
                          PID:4432
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
                          2⤵
                            PID:3404
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2004
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5558891156530808753,3004133842163098336,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6076 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4292
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3732
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:4544

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              36bb45cb1262fcfcab1e3e7960784eaa

                              SHA1

                              ab0e15841b027632c9e1b0a47d3dec42162fc637

                              SHA256

                              7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

                              SHA512

                              02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              1e3dc6a82a2cb341f7c9feeaf53f466f

                              SHA1

                              915decb72e1f86e14114f14ac9bfd9ba198fdfce

                              SHA256

                              a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

                              SHA512

                              0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              408B

                              MD5

                              ad3d29515e148b060691aa9a0ecc8f31

                              SHA1

                              11930f7fd8fda36b250c447762fbe98ac03c7c6c

                              SHA256

                              cdec4f4b7bcf4c0d4fe32ba62b2ee46e0050e2ceba8f579c0227e7937883210b

                              SHA512

                              f779290f6751fcadfaa21bae7d7ddb664fff7ccd3b522e1adaec8f7eb024f1bc35b6ec5ff9dbba1700c6316deb6f7e0637ee99a80c7998c00ae7f8e32216f66c

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              432B

                              MD5

                              600dd421fd2a5977e3e7f29a676a8bcc

                              SHA1

                              5990d08d65ad306d8454be5112fe62f4b3920ce3

                              SHA256

                              1b8f8043523613ee7404fc31ed5b373fe13c78eb5ca713f9ceaf023be1acea2c

                              SHA512

                              79f8360bc3f6ccd5661f380e7aec92b681f332b29be7023286de9fbcd963b66c394070827352abb1a92bf2e8a08178c6f352b87e479c3c71857e21e91a84830c

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              1013B

                              MD5

                              cc7b72cd0602facf5558518e22eb0fae

                              SHA1

                              c3a774852ac8168482a28ab0c01f49949148003e

                              SHA256

                              f7df6e81a257e91ce794b0ca2ef455d07a4aad01ecff0f5fd4759627bd080443

                              SHA512

                              639d06244f1e02671e24206d85d3e790e09a662f61c766b5de997ec27ab24e74571b8682f660a9b82ea6cd326a230021cc1f578d28f2856d31ef7acae6c1b84e

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              a00c7101d29e19e481b6dfbf351e533a

                              SHA1

                              a879bd44573b1d7597fdb07765c52e6a910848fc

                              SHA256

                              b377d53f773bf3b66bf2cfa047336fe5cec8fa907e5abc78a2acf43b38f2164f

                              SHA512

                              50ba9b853e2f71911050a95551ca044fb775882e26496c7879b4a069b90925ba05f6b7c5609bb17db47871ad8c914c91d91602bd150e9aa0d77750d9949a51e2

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              3ed3fa3afb1bc23976f53de0965251ff

                              SHA1

                              3aa2e4ce46ba1d60ef0bbd542c565afdc75b1f6f

                              SHA256

                              c8e2dca94d5c2b0f90278f9f2bc0c8d779bdce849081b94229e57cc4be42765e

                              SHA512

                              87c38bd0c4e2daa5ec14edd210be169e94b6e97bfe1e7627b54fbc2ecbafc5239a98aac28e461a56e225db258bca9a4a956abb3699274b344f21dd8bfda054c4

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              b1abca3fc9b83b2f0d51190673f82cd8

                              SHA1

                              8af6ddd7efda72dce42db180d553dd356aec34d4

                              SHA256

                              a257e8af06051ee7ecaf2997af5728993d77c7c843380776595b52fdeaca7315

                              SHA512

                              8fec47365d3db4bf913108930da0d3290da4329ccda084c76832dfa4d7e1fa027f5576ff656d851ee7066fc13cd0c46a328f2f9c2631d35961e5588b80d22a31

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              372B

                              MD5

                              b88f8745fc55dc2dc50765b3919f2044

                              SHA1

                              79a1ce39d55d4fda1becf094ebae2241c60cbc06

                              SHA256

                              823dff7aa1ab951a0ea331521aa30120cfcfa1998b77ac1ed831ba1a54ba0373

                              SHA512

                              716f4651b63b7f2ffdb53ea765d7fb453add7a0178e63255459415e5a9439d3a36f225b6ac4a1009483c18449cc1fd7bc3b9fb0d8fed613025221a9d6dacb9bf

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              540B

                              MD5

                              b8b5472e0180dc72a1b3df279fe0eb58

                              SHA1

                              57297cc13e5f8e58565b24e71d597776e8e1770b

                              SHA256

                              3f2677c66438c3414147e5d8ef88047e942f020b9f3e96170c06564b7421ac60

                              SHA512

                              ae92dd53563f651365709da93f08fae081b984cd74fe1c046120288d7c88100d54a33f94c8dd25e1a251233fdf13857b391080ab70a824ebbc2108f65ac038d0

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598459.TMP
                              Filesize

                              372B

                              MD5

                              d5158156e292c5dedec4c9b5e7aaee8d

                              SHA1

                              1cd4c669e91204903fe96bf477d6d1708cc26c1f

                              SHA256

                              2f7f2f9e48b2b222065475533009a3eb076410c8232b6f359460f505be6991c4

                              SHA512

                              e8583e1e577a209db03fa401c32038ce5b59336da551081516a92b2bf8d9cb768de3f620ed16da6e7b815fac2887837feddcab5a56fbc9db3271194a140c3abc

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              6752a1d65b201c13b62ea44016eb221f

                              SHA1

                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                              SHA256

                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                              SHA512

                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              80d7a70372912669d066207d060fb021

                              SHA1

                              a4f516c911d726a51a01de516899bee3ff795edc

                              SHA256

                              cbc71ce557b659666d195277b63b0de49228c852b70e243148474eecd75a4e88

                              SHA512

                              dd6799ba322fa227f9fb03ebc51041fabf5cfa4b1caec59b5c37668eb9187cc8299a1c913aef55594ead695beb391512a7d8552a087f0276dcee8b3cbf480363

                              Download Submit
                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              11KB

                              MD5

                              d7798803743a646817e74c72ec4e4020

                              SHA1

                              b9981c783dd353af2074935a45dfa0f595eaa729

                              SHA256

                              6c1fc4da726ba31e8c7509c1636a3ba574d2c289648b157f602544f91f56cee9

                              SHA512

                              1427beb18546e2a267dcbcd85db7fb83fa3f104f6a6412b92183d03f6172d6ecd0ab73dd75a43632278ae4c396135f805580f9ab87f2470d33ebeb6ef317fc99

                              Download Submit
                            • \??\pipe\LOCAL\crashpad_3276_TFKLFUTSOAHYIHJA
                              MD5

                              d41d8cd98f00b204e9800998ecf8427e

                              SHA1

                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                              SHA256

                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                              SHA512

                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                              Download Submit