Overview

overview

10

Static

static

1

URLScan

urlscan

10

http://go-link.ru/jd...

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-03-2024 12:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://go-link.ru/jd5VZ

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go-link.ru/jd5VZ
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4652
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe76a46f8,0x7fffe76a4708,0x7fffe76a4718
      2⤵
        PID:3024
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
        2⤵
          PID:4048
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1620
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
          2⤵
            PID:1592
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
            2⤵
              PID:2176
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
              2⤵
                PID:1468
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
                2⤵
                  PID:4608
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
                  2⤵
                    PID:3924
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3820
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
                    2⤵
                      PID:4044
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
                      2⤵
                        PID:3612
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
                        2⤵
                          PID:1060
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
                          2⤵
                            PID:1668
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5644 /prefetch:8
                            2⤵
                              PID:4404
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5041190944485365316,14990534921431314630,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:3688
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:8
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2348

                              Network

                              MITRE ATT&CK Matrix ATT&CK v13

                              Initial Access

                              Execution

                              Persistence

                              Privilege Escalation

                              Defense Evasion

                              Credential Access

                              Discovery

                              Query Registry

                              1
                              T1012

                              System Information Discovery

                              1
                              T1082

                              Lateral Movement

                              Collection

                              Exfiltration

                              Command and Control

                              Impact

                              Resource Development

                              Reconnaissance

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                4d6e17218d9a99976d1a14c6f6944c96

                                SHA1

                                9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

                                SHA256

                                32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

                                SHA512

                                3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                192B

                                MD5

                                1632084b3918268846c0e9f401f96f78

                                SHA1

                                b92870d1fcf746efaf569ab23be7202946903a2d

                                SHA256

                                610c7bf254d1769a272b11117c5c184c84a3904ef00fca0a96cb80440de0d885

                                SHA512

                                7a0323440c5c812dbfc89ff2246eae24a7cd0c15814cd90b474e30451b90289f6504deed0be6b45e9b81aa010df6f7a8db943c82e0c26a15151af326c5e873dc

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                168B

                                MD5

                                73aae82b98e4dcedda0a553f231055cc

                                SHA1

                                0d13d3eee0fde38353a4dedf4a99fae91b6c9c54

                                SHA256

                                cf62412bbd7a331be5db2f796449934e4c476ec6de7f27fe6107d61fe9d139bb

                                SHA512

                                a8bde36287db73f2c5667e1ecbce589fbc0ff3a84d8b09aea136f29e93db817e2ba7f35c8c18ae6efbc86783bf0fb1415902f345945d12401c555c3927078495

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                788B

                                MD5

                                229959ad89cddb91a0b2cf00564ae363

                                SHA1

                                b3a5b599d99b1d8230a39761974ed2d54c666f8a

                                SHA256

                                02e4e4c783efae4562d7477d83131b5b8720b98e0644d93e5723d943495610df

                                SHA512

                                70f83c3f4d96aed9a9eb15cd4c5eab8a0b9a12fa4eec75ce4ea0e85d6f20d16d308ba5ac802639296a6c9d3d93f303ae5f15b4c34473d5862a386dfab35da59c

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                111B

                                MD5

                                285252a2f6327d41eab203dc2f402c67

                                SHA1

                                acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                SHA256

                                5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                SHA512

                                11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                2a64e0c79e21f066ddb4e312d6b20d3f

                                SHA1

                                49bf3110b9236c3ca079efe45a8c0a1b59945ee6

                                SHA256

                                f80cf23fc0be7b6a23dcb23d74c37447fddf5af2481e83a24dad829db4904525

                                SHA512

                                567998ad0644357ee5a249aaf755e6070d9e23395a76d1c2b4608aee26b541a231debee4fbd46fb2b35d9d75ae942ce88f18b8c85284dd30df015ecd47201dd9

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                e87581073ba4b43212465ee59e3a449f

                                SHA1

                                ed28a05007805fd5d06c0140738d64eb9eeb6f13

                                SHA256

                                d908c242424605b7a31ebd0bb9e0cb71299f310dd5e25f8d635b165dbd7615a7

                                SHA512

                                6baa46b6109d7c8df7dda0ffa6e3a2b52d861f5d30c0ef171b373c3f1e42981b2f4ce39bba8db654784ed05d673b3fe59833a050899d54f9738d219965af2182

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                1c1598487d91fe0e92d56282878fb2fa

                                SHA1

                                c361a3ee3f1c6c42c4918d547c4540f1ca583876

                                SHA256

                                3075ed7fa294252fd210ace8e38c7001d0a6451dbde23ce84a92d02054f05d29

                                SHA512

                                d594968b8fc453f93e88ba86d38b32dfe9e402f70945c084d72e0de5dee4f8406a5173c64c1aeaa903ecb3b9fead80dc680c19884e1448c49f6775198c80a308

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                4b80514bf9671b0dcd83f07ee8467ad6

                                SHA1

                                428b3a4feef6927a699dea6bcb49d7c0c3d64f8b

                                SHA256

                                2619dd9a1d303f076159bf5cfd25b27ce0d75c03c22a12f40772acf0df6c97b3

                                SHA512

                                26dcfaf528d338b65c55a3f5e65e11b10b7bf9894308c6a3ab10b2beb2baceb6d76b85632cb35049a6b41da05235eef1ff4ea6c1cf36f4229deee73f1921a192

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                Filesize

                                24KB

                                MD5

                                c2ef1d773c3f6f230cedf469f7e34059

                                SHA1

                                e410764405adcfead3338c8d0b29371fd1a3f292

                                SHA256

                                185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

                                SHA512

                                2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                10KB

                                MD5

                                817e8d559b3ffb37e3fd131a559984a7

                                SHA1

                                2d5aba761edfe0a27b6680554e4997d4664980a7

                                SHA256

                                bef7875665367d26e613784fb5bb730864f1a44e1f5ce6f6469def8bfab01f97

                                SHA512

                                cdd381b442e015e30cdd747b67de68f5035e20781c2b7117e5eade371ab39854d39137f3e011477617be4cbf0ba0276f460eeb0d57f39555fa720ade4201b69b

                                Download Submit
                              • \??\pipe\LOCAL\crashpad_4652_FHBXGGODRYANFKSK
                                MD5

                                d41d8cd98f00b204e9800998ecf8427e

                                SHA1

                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                SHA256

                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                SHA512

                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                Download Submit