Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://go-link.ru/m...

windows11-21h2-x64

1

Analysis

  • max time kernel
    44s
  • max time network
    46s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    16-03-2024 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://go-link.ru/mNW1d

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go-link.ru/mNW1d
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1036
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd76a73cb8,0x7ffd76a73cc8,0x7ffd76a73cd8
      2⤵
        PID:3340
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
        2⤵
          PID:3360
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2032
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
          2⤵
            PID:3424
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
            2⤵
              PID:2300
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:3396
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
                2⤵
                  PID:3148
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1544
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3472
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
                  2⤵
                    PID:2356
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
                    2⤵
                      PID:1056
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,12615093891551047795,17648889142133271449,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
                      2⤵
                        PID:4516
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:3128
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3020

                        Network

                        MITRE ATT&CK Matrix ATT&CK v13

                        Initial Access

                        Execution

                        Persistence

                        Privilege Escalation

                        Defense Evasion

                        Credential Access

                        Discovery

                        Query Registry

                        1
                        T1012

                        System Information Discovery

                        1
                        T1082

                        Lateral Movement

                        Collection

                        Exfiltration

                        Command and Control

                        Impact

                        Resource Development

                        Reconnaissance

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          96899614360333c9904499393c6e3d75

                          SHA1

                          bbfa17cf8df01c266323965735f00f0e9e04cd34

                          SHA256

                          486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

                          SHA512

                          974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          19a8bcb40a17253313345edd2a0da1e7

                          SHA1

                          86fac74b5bbc59e910248caebd1176a48a46d72e

                          SHA256

                          b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

                          SHA512

                          9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                          Filesize

                          480B

                          MD5

                          da4f56b8e7676be6692a3e2bce8fe311

                          SHA1

                          7c61e9544ed991e82652862fe8d2bf9153207f1c

                          SHA256

                          ec38fe7c4712cba4666794257dc5b84bafab8a296b3503d510297018e2fd5af3

                          SHA512

                          38dbc7b9e796417aed9852c23c4be71ccfc3874ecfc05e3938102c8b5907a8342c51c18245a143bea43ad00307d44df28525adc4b674196608ed168085278d8c

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                          Filesize

                          1KB

                          MD5

                          23441d85773b411dbaffe53f788cceec

                          SHA1

                          ab17128b969798e37cd4e1a67696785d88c322f6

                          SHA256

                          9674a18681bdb716eb42ae3c7b2344955a3696bc4fd663a1f218e482b58e4039

                          SHA512

                          2a32641a9e2fc0466ed6ba12985964120f1fc58933c98ef02bb6a58522f9d0755798cf8212018fec8ca99403c1f07268b90cad44c39307c347806b20171baa74

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          9402eb2489021351f328758de6dfbdfd

                          SHA1

                          1bcfb99ed941debf00ee7617c8862043e12e2c97

                          SHA256

                          c27ab31715eec3f5ef4325e82617f46c5eb6f180d248b32287d563f168c74d4c

                          SHA512

                          6dd914fedd13b552431d4472c25ec6b046623bf6874264290706cf5056b2b791f7b1b3d83fa628f44ae1c299c61a20b6b42ae66763135e8676cb77884566bce1

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          795539a8eac02f7d5fef2a6f2269d050

                          SHA1

                          06bcb072f026c2087e4358071e5de88b34113faa

                          SHA256

                          6540eec9a426b2746d7e69ef3c56f3dee49230a0446e82cb65985772ebce0924

                          SHA512

                          5df6c07dbbe0269bdcbaf93f1cf005100e4c6ba7bdc6ae01ef396ee6ad725155d15c95658b014dbec55d1e3e8562280d0c292e6fe500da0a652daeda3681f578

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          26ead2a606a20134eca00d33d62abc74

                          SHA1

                          8d889aaf40460c4e7598cc286415d00b4ff80619

                          SHA256

                          b3b80a069307b1968280b04db1794601099cb804a663d73e88ca58080551d0e9

                          SHA512

                          93b30f9cecc331e8e9f77b8b68e9bdb0d844429790f6838560bfc2e6df3a0622d8917af782616ed1728c95bb6a849904cba561607154694a819bd3c52cf27fe3

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                          Filesize

                          202B

                          MD5

                          52aaaf74f0869bb09495291cc41c2a3d

                          SHA1

                          aeec4f1c46af79232ea576e360aef5f302f8922c

                          SHA256

                          88f8632f55717ba90ac417ddcd5e244b08568fbb974b4265aca76e425626567f

                          SHA512

                          de4b2af6b35a0ad56680aaaa053ef7760af0825f3f9859aa132c84739433fc33cdd6fd9dc2fc27070828a061bdf47c1aacad70e9c2a9d3765b85f76393477614

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                          Filesize

                          538B

                          MD5

                          4679d73e0bfee5cf7297d1fae4b8cbb5

                          SHA1

                          992a51e80f0c05972b8be33c30a8f9e31356cf48

                          SHA256

                          cfb9ce1ecf8ada22c957371ffe8b8473f03aa3b18846f9710d60237f8ac55fa9

                          SHA512

                          ad683e3f85bcca6d6377eb636a3dee3ef722c8f9e527a0b450c4d13d20c90f84e6bc2e70511a6b6abdc06f9652efa19d2db2c7a9b075c719009755707a220ae5

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          46295cac801e5d4857d09837238a6394

                          SHA1

                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                          SHA256

                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                          SHA512

                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          206702161f94c5cd39fadd03f4014d98

                          SHA1

                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                          SHA256

                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                          SHA512

                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb67abec-6d0b-4ee1-8dfa-d7e953eaf17b.tmp
                          Filesize

                          5KB

                          MD5

                          6f7955879cfaa382ff5a012ec174c7bd

                          SHA1

                          414ff7306d802a66adb3607a3243c0174b039705

                          SHA256

                          84cc04e12efd72675fb0aee1f50fd8cba65392bbc3cccb8d47a7188c99979da0

                          SHA512

                          d9c53a91d01b68139746fe4708e28ed536ac84930a0dcc7f59d995e118f5fb320af89b740152ca5abf305d469b9bcb852c52def371c7bc1e869bcc33960222f3

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          11KB

                          MD5

                          45efb29f738bc1ee39d46533ac12b3a4

                          SHA1

                          f81ee607a99e829a399576776400ba5b2b7264f5

                          SHA256

                          9ef08787a333e166b610f423e578baef27737a2a38a3356d7d9b2d10fcc16734

                          SHA512

                          693331fdbca86c516bf7407cd3178d4203d0bfa17fef8ff70fcb701aad1d512cfc2bcad268936983000a31993e7db3dab3bab13cd7cb44baf14f4e5daececb71

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          11KB

                          MD5

                          6eb07cad3a0c28e8d497c7d0fb4971cc

                          SHA1

                          8b34eb2b9e6b2af5fa860d4b748e527b9536bb92

                          SHA256

                          a57f6ee26d68a0902e40af20ee28c1cbdf2d16bfeb52e4e061abe005edb6a3cb

                          SHA512

                          9689b05b2cdd528f4ece96eb2cc20e4519c7774cc642c3e7874aa50ff4693fa4595f183923d6d822694db2a3f4ec96da5ffa77429789eb72b1c1d4a2c92f83d0

                          Download Submit
                        • \??\pipe\LOCAL\crashpad_1036_WRGFGADEKAUTUIAW
                          MD5

                          d41d8cd98f00b204e9800998ecf8427e

                          SHA1

                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                          SHA256

                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                          SHA512

                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                          Download Submit