Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
06/03/2024, 20:00
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.wurstclient.net
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
https://www.wurstclient.net
Resource
macos-20240214-en
General
-
Target
https://www.wurstclient.net
Malware Config
Signatures
-
Loads dropped DLL 25 IoCs
pid Process 6068 Setup.exe 5828 Setup.exe 5940 Setup.exe 6068 Setup.exe 5828 Setup.exe 5940 Setup.exe 6068 Setup.exe 5940 Setup.exe 5828 Setup.exe 5940 Setup.exe 5828 Setup.exe 6068 Setup.exe 5828 Setup.exe 5940 Setup.exe 6068 Setup.exe 5940 Setup.exe 5828 Setup.exe 6068 Setup.exe 5828 Setup.exe 5940 Setup.exe 5940 Setup.exe 5940 Setup.exe 5940 Setup.exe 5940 Setup.exe 5940 Setup.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{9C6A49B3-8191-4EBA-A581-F548D97FF7FC} msedge.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid Process 6068 Setup.exe 6068 Setup.exe 6068 Setup.exe 6068 Setup.exe 5828 Setup.exe 5828 Setup.exe 5940 Setup.exe 5940 Setup.exe 5940 Setup.exe 5940 Setup.exe 5828 Setup.exe 5828 Setup.exe 5940 Setup.exe 5940 Setup.exe 5940 Setup.exe 5940 Setup.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 5828 Setup.exe 5940 Setup.exe 6068 Setup.exe -
Suspicious use of WriteProcessMemory 2 IoCs
description pid Process procid_target PID 5940 wrote to memory of 5356 5940 Setup.exe 131 PID 5940 wrote to memory of 5356 5940 Setup.exe 131
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wurstclient.net1⤵PID:2920
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5432 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:4828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5816 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:3496
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5020 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:81⤵PID:4960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5504 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:4280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=2624 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:3412
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:81⤵PID:2784
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=2792 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:1200
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6544 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:1896
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5716 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:3384
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6436 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:5224
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=7008 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:81⤵PID:5312
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3936 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:81⤵
- Modifies registry class
PID:5320
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6212 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:81⤵PID:5556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=6208 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:5564
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=8224 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:81⤵PID:5636
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8332 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:81⤵PID:5740
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5828
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5940 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://pcapp.store/installing.php?guid=5BAA2AAC-6F09-498D-A5A6-E1E70CF8EBE4X&winver=19041&version=fa.1087e&nocache=20240306200155.77&_fcid=17097552904335502⤵PID:5356
-
-
C:\Users\Admin\Downloads\Setup.exe"C:\Users\Admin\Downloads\Setup.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5760 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:81⤵PID:2320
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=7844 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:5820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6960 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:5728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=8740 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:11⤵PID:5640
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5b5597e367f97c775696e8c7e378992d4
SHA1aab8aaf94000fefed9aee6c62174fcb144440ffe
SHA256cf50e07242260196e4418a0c4fd22a7b276a8fe04c043f92520eac99ee543d8c
SHA512c3be3c7b7ef702f70a645a2475460d01c64c130a4a16fde01756be65a9044587238b79b3d445886858c05452af089429c3ff96208a2ff2dd2b98e69fe7f2c12d
-
Filesize
2KB
MD57beabaff8239fb67c5d406add4649b17
SHA1f0ecfbe3de3cebf4121d19973eb1e36f76d00232
SHA256e487ef20b7eddc09de95caae02d3cb6552cfcfcd2de2deb8cf61be350ee4779d
SHA5123e0c252174874fcd1cfd795d8fb13fd1af4c19639d399073c12b0ba40d0cedd90917f18c71fecbc3dd05e73bb55c37acc23c54535e968c796d2ae2e124164861
-
Filesize
3KB
MD550e3bd97636e78bf2cf788bddf66ee21
SHA1805049d323f34c4a2725da7a7a36c8a17f7169e8
SHA2566ae6e53f9bd33ea67b61fb72149eaff831b4a926e743269e175bc64522655fdc
SHA512f02dda8d1c763935519a4e1897499bff9a216446dcbf6b3cf97c3f3357c803b38969bec65479ef7476275e7b94585bc06e1317749ecbd8447fb80da5f3d10e1b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0
Filesize471B
MD5420bbff21d374ccd71f4b571c30fea31
SHA1bbb0cab5d9697ec255d24f407e099003c9c0b09a
SHA2566702223b9c970e478ba29f0d89a5f72f12e2ef60a150a14167f5d33939544256
SHA5128116eae652cd6c51b27ab7ba3a6049f29f0e5c3608f5a20e29664b8d20cc9b5091d83bf4ac7921c9f66f72223fee8ce68d2ea53f90e2c2a4e4ec2b94542aea19
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
Filesize471B
MD598d7610ddf260256dbb84169010f36b5
SHA1972df0d31f725b2a99b01a18ad0b0638cd2d431a
SHA25655af72af7a604d52e8b70940d5c775278fa9dbbd4524d1f1c731056742198d0e
SHA5123bf25928037347d21ae3b285a5559fcf28d77a5e3ca0b4e5a650f181adcecd74e64ff605a08662ec0e090d4c6126615a8fd09bea54b7ac66cc6c58765ac57882
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0
Filesize404B
MD5bab96fc042156187fa943e0920efc816
SHA1603af1cd1f8e2ac1011af79401ed00f9f412af96
SHA2568fe3b4a3b2955678432633ae27285fa7b3db79766730a157fc9fb430472f7535
SHA512a0de1ffd26b375157f02c26b73fe7c9e96c4ead59e6b916beec9dc6510d31c4de88d47d001b1fc36d5ef3298eca8637a52affe3380149519c18c4e801fdb0cbb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
Filesize412B
MD511b8250c671a100223a4a5cfe133a3f1
SHA112a4ef6d5de20e01974de5585c1247dcf63efe04
SHA2567c56dab2dacccb855b3b33af91705dae98df0018edd21a1b7f164714d7a11727
SHA51247a399225748bb40dfbb08afa9719a63ebb8da5d7cba19b64d97ca7e351be8b5d7f071d4132037fe761cff32d9764444bbc1cd5b3c2ed7b69c3217c47c79f3c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE
Filesize412B
MD5b263757338d18aab8d2dfe94122f2799
SHA1f363b119ca18ff04c1dc690dab8dbc60c89c426c
SHA256c57650bc2fa6ecd0df564e235e1258ae23323561998d9405e13eeff49b5275c9
SHA512a381a653738bb05f1a5a5aff5e190013ba063011469d04b5794f6277d21a42b6e755aadb5b8183e07f17a626e5e469fa3bfbb1842dcc0fbb6dd45efa88af0bd0
-
Filesize
997B
MD51636218c14c357455b5c872982e2a047
SHA121fbd1308af7ad25352667583a8dc340b0847dbc
SHA2569b8b6285bf65f086e08701eee04e57f2586e973a49c5a38660c9c6502a807045
SHA512837fa6bcbe69a3728f5cb4c25c35c1d13e84b11232fc5279a91f21341892ad0e36003d86962c8ab1a056d3beeb2652c754d51d6ec7eee0e0ebfe19cd93fb5cb0
-
Filesize
25KB
MD5cbe40fd2b1ec96daedc65da172d90022
SHA1366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA2563ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA51262990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
-
Filesize
23KB
MD5f4d89d9a2a3e2f164aea3e93864905c9
SHA14d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA25664b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2
-
Filesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
Filesize
38KB
MD5a35cdc9cf1d17216c0ab8c5282488ead
SHA1ed8e8091a924343ad8791d85e2733c14839f0d36
SHA256a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df
SHA5120f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf
-
Filesize
9KB
MD56c3f8c94d0727894d706940a8a980543
SHA10d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA25656b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA5122094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355