Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
15-03-2024 09:51
General
-
Target
http://ur8ly.com/yj5XnK
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ur8ly.com/yj5XnK1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb21046f8,0x7ffcb2104708,0x7ffcb21047182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5220 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\krishtokrushthelovebecomeabeautifulovetounderstandhowmuchshelovedmetrulybecausesheis_____greatlovertounderstandhowmuchsheis.doc" /o ""2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5467274111369400573,924594065899271984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5fd7944a4ff1be37517983ffaf5700b11
SHA1c4287796d78e00969af85b7e16a2d04230961240
SHA256b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74
SHA51228c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b
-
Filesize
152B
MD5a774512b00820b61a51258335097b2c9
SHA138c28d1ea3907a1af6c0443255ab610dd9285095
SHA25601946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4
SHA512ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1
-
Filesize
177B
MD589980a1c70673ad7c5483b89857d824d
SHA143faf6098f3dc7f1ad95c9a33a674c7c971de512
SHA25674640b178d29e398d1262d59a4971652690c6bcdb856955940dd4a0f74535a4a
SHA51212833c64f031c0b5707602b4f25d4340d06f236286f34de7386f30c60962e9070be8bc95928170a3c2b95ce7cd71ebf7ff35f9cc9edec35a8bc2ee4a621a9e0a
-
Filesize
6KB
MD510905636e6c6c0ed30c0a4cded4ca083
SHA1a00fbf1411b1a8a7a14a9765c017c96f4a9e67e4
SHA256f931bb84b73a09996e84df3f794ffa9d7b6185aa76b8905f726dddaf113b5e42
SHA5125c80e23e608b4e51b4ce16ca2cb669f5b3f471df811ae1c078eb1cdc21ccf0ceb87ad3baff47cc8ae8fb144825f58f7176dea3d33ded81b114620f65fb8a4cf9
-
Filesize
6KB
MD53ee40bc0cdd19254faa199d43505a015
SHA110b6d79c268a10ec8fa3b2cf90746b80c5380b43
SHA256f982a878fb464985d10e526e2ba3e21cca06d51e0dd02bf0a0f1f974727f4972
SHA512c8ad7cc27ceb0ad074ab9ae42ef798c99dc5156586e46df56ec6ed9607c957b527a1566157087827614ecc343a6be4189117d8679bf5e48735bc896c8166a07c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD517cfd3b8581b18af88afb154bfba3f59
SHA1a5d33b96c77625ac5f69b1fecbe09f28ed932f8f
SHA2562030201b827ba35b488af7fd642a0e2dc012b5d7303fb3e7ae068e514ee1da13
SHA512b64956144e97b8cd3efbe2b5358e7e3c13a06fb78de70b5ccc1a8c14a25354d106ae5652e57c34d1d640781545dd47bfd4dba864c3486be0f74cf0bc77ada18c
-
Filesize
11KB
MD5a5dc2a6174aa7fcc9dcad9a427c54661
SHA110724f94662a2cf97d34f6f4aaeef7726fe4b22d
SHA256c0f6aaf7316078f61055c7ca45d110889a86e0cc446c0ca5c146db5748381cf6
SHA5125355eff95e24899f2020db663264ac27f5dcc59514af7dcb41bd55b9260fd19a5c73b82b9c57320be9acfef251bf2e403149931670b733af171074c072a08ae3
-
Filesize
4KB
MD56bf4fcaf30e66fc602730872dc15d8c7
SHA1d83dbdbd7cdf62fad1e7d24f495c41307673ad21
SHA2561ddcaee7940b4d45187a02638f71180192ca9c3a77a465d566182e5232893bc6
SHA51243cd76d8f2eb358b7b3e0348c5f91081e9d62bdfde875f242b7f567092e121e035f82a4ac0abed6f16ae3ca6ae56028ed76bb272e7fdf1074ce202f0393ffd11
-
Filesize
479B
MD5d7bcd2b1fa44947fa298e0b41b372884
SHA12281f724912ecc000eb34a516cd1cb7683e1758f
SHA2565f84fe94ec855224ddcf327dcf3746a0e563d8f3de719cdb5ce6980993998e27
SHA5125b574d21dc0d74e7312a17bbb2a03bc085ea649a249e7a26cff400077400b06edeb17772e1771d4c653a4ea102e31620d4d890e12494162c78ab35e66d00d1ad
-
Filesize
4KB
MD535966c637ba68ef8702eb10c82ef3538
SHA13c2e51663ecc06583ebecf1c4ca5e93ff14583e6
SHA256f54fff11c746fe3cba593e9179ef10a8f9106c5e269e1016bf23b551b2cec367
SHA51202567191744fff10208abaef7b0ce7f4fe65c50d84f1355af4f782ed17fffca2d22977995d05bbd25d8c0bbdb75e00cad1ea8ffe92e501d56840c1dbdabb2ac3
-
Filesize
3KB
MD5421d15b8868fb85dc3f322fbf0c466cd
SHA1b5ba7a47c93607046afac9f7c18c8cd6192ebc66
SHA25647717f5ef24c4a60f9670c16a0122cbebd9715c53a51e4e535ccb7b762d17b95
SHA5126745e0e351b8eefba82a5a5ab7d865fa30646b4cd586cba3d72318e2a0c8ae6b645a3db59fc3b75ada3dd3381c047f2113c8ae12ffc867a9977646a388cf00c8
-
Filesize
70KB
MD58129abc7b545b3e42fee6d8b0f719de3
SHA11396c25a417e8fb7cf4e6b72899688b9f6ea8329
SHA256c4d6e9d13089b15a952d9bf10fe34c7fdc36ccfa00b61039cc9c81cdc7b84686
SHA512fd6407b6fd8c2c300cbf47f01a3b294c45f13c80b9bdc9bd0a1a629b3a9d47b1d1b84c782fd03d5cf9d520805decdf76c9c7d5830014efd528b89426b7d6602b
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB