Analysis
-
max time kernel
86s -
max time network
92s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14/03/2024, 09:20
General
-
Target
http://www.spyqualify.sa.com/Lguubcapptx/aiqghmoqe2593mcnno/QvuDts8I6YwWZcP1BSmWxHFcMcIV_-bf8Dtbs6DQtYU/tGy3mqerGRUyFTG8GuNuiDj1NKyhD0OBmmMqnyHtXbHhN6IjSpktTvkImkLYMLVa
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.spyqualify.sa.com/Lguubcapptx/aiqghmoqe2593mcnno/QvuDts8I6YwWZcP1BSmWxHFcMcIV_-bf8Dtbs6DQtYU/tGy3mqerGRUyFTG8GuNuiDj1NKyhD0OBmmMqnyHtXbHhN6IjSpktTvkImkLYMLVa1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7f9f46f8,0x7ffc7f9f4708,0x7ffc7f9f47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3572 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1968 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3760715607448105072,9497006544619298106,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4fc 0x33c1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD573c8d54f775a1b870efd00cb75baf547
SHA133024c5b7573c9079a3b2beba9d85e3ba35e6b0e
SHA2561ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94
SHA512191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8
-
Filesize
152B
MD54b206e54d55dcb61072236144d1f90f8
SHA1c2600831112447369e5b557e249f86611b05287d
SHA25687bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b
SHA512c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2
-
Filesize
6KB
MD5a1fe5adf57be379a70162bae39d4b616
SHA18595f8a8f0122512430248a34c2c7a537dcf2b80
SHA256addbba1e27c304f816566278622c14bcb7454156f9de7434f4f34c746b00107f
SHA512c952a27ba85ab76df81be47303be8cc5645893f571a9a67bd677a54bf86d8b76615a6f67f3e97ae4c2ddea772bd268b96b583822cf8612ada23e1b2c45dd6b7a
-
Filesize
768B
MD553244f944ac099aecbe943eedab30d67
SHA16ec9712fe314a1611a1339d44ea17d6e500b4105
SHA256071e6ac7f5a06a15cc15ba1709376dc788f28dba7572a1bf821871c312f9c32d
SHA5123b485990fe313945fc9724cb27121513d35ef9a72bce7dc41bdeb3d6483d5109c63880397058f0c3b98c720d644c647e314b815dccf280c675e376cfa2b785c0
-
Filesize
3KB
MD59474167ae7f665b0ea418b27a51bdaf6
SHA13dbbdf4d030b5726e0a6ea9c3eb7a4e716a5ea9f
SHA2562fe7f732a2b72f0cb342cee2089e49ded6af73f83365b7c07dfa6349c9ce75cf
SHA512e13c6a12b1a7cf7f65ec253d54de26d963eb21541c8af722ee6c0c410fad6ef61674bb41ad0024a7b1c3d36143d5b2afe75f35a9d2211d8335d4758e225602d7
-
Filesize
6KB
MD5e9b09d1e8ecca89592638de94a1ff1f5
SHA1ea3b774c8fc2408fba01e544fb96102849b43346
SHA256cd1bcdcbe6ecc8e809585cf88142a108954bf1c908cbed52432c32956c72e007
SHA5124b9ec5e3d981c83c266443faebe902abe0d60f4613306902f569b66f68d3da19b36660805556f19aacbdc13a705827a763c67bf2cf97dc7d6cdf87c85a8beae3
-
Filesize
7KB
MD537a8aa415e67551286070c2a10423dc4
SHA1ca6d097f9ccb53e1135f4d9f9b26358306c2cef2
SHA256eb3a8fbd1d4f4ca7cd80be1e74767d4bc0042b53082c264225c6fbea226ed213
SHA5127fa5d6434acf9c1ebaece2b2583bf4e3bf8c492299f731839b5125fc02036d0d7894b88281d28b44b14b7d0bf7a4be57e3c4835e588e9db11fb834251f57c67d
-
Filesize
8KB
MD507fac446818e536424553678286b9392
SHA1b73485b664138880aaa378728f6904f812a2a079
SHA256aee4baa2e3f9432fe67537226eec00b7882fc75034c30a72f0ad1a2f79299dca
SHA5120569dab12b4df63133da3a221720be20664390e50235749a2622ca31a01170cdedd0a98c25743da018870e42ee5a4379f667de148a3f5abc91ca83411abd1320
-
Filesize
8KB
MD5156060b0185efd56635e5dd7f2e4c07f
SHA1e2cef0d89648bc1c7c77eda42dacd32e67af5650
SHA2568120d4ea14ef157040438644c5a1c6197866c11dc822c333b7ec3903a42ff538
SHA512a20b4fb11519cfdb854c6fc469bcafd5bf3e86150914694e2b1e46aed3f51ad9ba2a0a49f6f03322bc2030819d4742d1581719cc86614f1de869ea9bc304b066
-
Filesize
1KB
MD5581652ba34885c5d6b7ce91ef99543f8
SHA1f9521b0d42f25bcb454b3e7319a52062591b92aa
SHA25642377623efd3c0b43d616021c5bac9536737efe709c0ba361dde27952e264a5a
SHA512b11b8b490f434a9524a28ef9a0ff2a405c82587c58132829045c4b09d63c2a6ed0a2c22755ccad602712b13bcaf1b8793d32221ab937056d90f2f3ac0ced3111
-
Filesize
1KB
MD5c61bc1a64dfe788b50e07bac920cf94d
SHA150a2c5b2c2d094244f3b3f86a07e5bb1ac05443c
SHA2562d6d890ceccba5d88fbe0079f1539874f9dfea323121710c726c02426f6916d7
SHA512dc6d4ee40724d1b48610db9fd9b5fa308527031acd4e980b642831b65571ce7584c337958c2a0764b9318c5fbecece7d963673f04b38dc06d62591b2e690c5a0
-
Filesize
537B
MD53830012df94b0d76b4a6af666c0fcecc
SHA13a70c7817f37b781aaaf3bc66c030df5ec95d73b
SHA256fb8f301150724defe44a6a81da8227e4a4fef77a6c02af5bbcac71fa052cbe26
SHA51282509d34a0abd43b34ed2677b1ff8f701e9b71de66e14116bf3889e44b0ef437db663045b86af0f3691d341d2f931ad50d1c4786a4d1055346d95d0c884cac8b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5309b0aa1f5ce23f2340dfdc223715aa1
SHA10c1f6cdfc988f746253bb8fdbd24c79813052491
SHA2563b83cf44b52a1acd945822bfea802fb2f608bda3a29f36686fdcc5b6d2ae4d3c
SHA512980928ca3359cf35785caa9970697e97220ad030e8b9465c5a026e8ca893c2043d7ea451ed97aee726d540b9f4097fdd665ceda7de16097ec750d22cdea3c955
-
Filesize
12KB
MD5c66fa725cf52a2001903e32488b56a32
SHA1ed359732150983aec30fd2f573986809150556c7
SHA2566271acc447e03b14ba036575a25faa5bd44f7b1cc6bc76b4336302df913dec5f
SHA5125c50ecd472ca185b3ad1ffc9e9d2d1097d5054a19616689b5b3235e7262e695cdf0dac8161cc6017fd08303dbbb4984507f8bfa065d6c7c2d190eaeb0dfe4040