Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://androidfileh...

windows10-2004-x64

1

Analysis

  • max time kernel
    44s
  • max time network
    50s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/03/2024, 15:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://androidfilehost.com/?fid=14871746926876820936

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://androidfilehost.com/?fid=14871746926876820936
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5044
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d7b546f8,0x7ff8d7b54708,0x7ff8d7b54718
      2⤵
        PID:1520
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:2
        2⤵
          PID:2232
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2760 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1444
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          2⤵
            PID:3796
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:2260
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
              2⤵
                PID:4716
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
                2⤵
                  PID:2944
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2332
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
                  2⤵
                    PID:1732
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
                    2⤵
                      PID:1628
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                      2⤵
                        PID:732
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                        2⤵
                          PID:2688
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
                          2⤵
                            PID:4480
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
                            2⤵
                              PID:4228
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
                              2⤵
                                PID:5644
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2320,14776083514605447766,4799446132278176631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
                                2⤵
                                  PID:5652
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:2004
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4492

                                  Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          36bb45cb1262fcfcab1e3e7960784eaa

                                          SHA1

                                          ab0e15841b027632c9e1b0a47d3dec42162fc637

                                          SHA256

                                          7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

                                          SHA512

                                          02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          1e3dc6a82a2cb341f7c9feeaf53f466f

                                          SHA1

                                          915decb72e1f86e14114f14ac9bfd9ba198fdfce

                                          SHA256

                                          a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

                                          SHA512

                                          0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
                                          Filesize

                                          62KB

                                          MD5

                                          98a8a5d471fe111c573e93bf61d14b6c

                                          SHA1

                                          75a0d1a33fdb53af8ff78560e6a716fdc37b539d

                                          SHA256

                                          a3e0a65923306d126ffe4f9ca8b2288dbad7a02e8b8efb8c3a4ef8351889f9b7

                                          SHA512

                                          100cfaa619b5136ec83ac82c9a2333216716581ea7bbd934a964fa03fb9d92e695eeeb8e6425a3cc86348b654e15050aa1faccab7189fc4ce7e66bc9bf488c5f

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          e455aa7662e9923021c4a32a3aa84ae9

                                          SHA1

                                          ed2a6fafef6a1bf53b31d2495a5d9ad0e8ef2d93

                                          SHA256

                                          e18dcf852f0e1575dbbf14b0fae13ba8d2776fd46fc20cb0ed8217ff1a9eb64d

                                          SHA512

                                          cd00abcc2331bdab6b448258beec3f36906dface77f299cc0bd215d5a6531442224ab97f00d2fe3a7d5c3c5935c32dcec15c3bab472fdf78e1f9c22fbaa56bf6

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          7KB

                                          MD5

                                          5b64876f2606f8c1739f73e3b1e69a5e

                                          SHA1

                                          813b7516a3501e1e4000c6d88f789387d8ef90f1

                                          SHA256

                                          6d69616437b679361cd0ae840d3660db8060b09d56bf8d54518d36979e438148

                                          SHA512

                                          4e32b3de9153d17888e23fa8f9e5a6ccbde125b44dd8fa373c552a14330081c43514103d683e60c6450de9586786835849d7984b13446c8dbcf14eb87a140052

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          5afc773737f29569fb9c1e3a66b4a823

                                          SHA1

                                          fe1512f36204629aa5e4d882d7e9d3faabb6711e

                                          SHA256

                                          9fcb3880ef52130b38acff3b71cfd722d57c33dced7fba7ec5bae3857a154737

                                          SHA512

                                          e19995df983fb4de9667281612bced6e830d814ceb9df679294adb9db788adecb27acd5b65b323e6a0b3b64fa088c4ccb8feb2c0cdb8656fca55162a25941ac2

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          7KB

                                          MD5

                                          c47d57d456ceb3f7c6abfa7d0328c16d

                                          SHA1

                                          16625737e706718debed9c7e6765f1db4f3a6147

                                          SHA256

                                          bfc3ed8c8b416278a12918ba1e717e94dfbc6c8a946ff97e23126f5346224fde

                                          SHA512

                                          ede70be9dbb0b87ff48871ee744bb4eacaae1756f8a29d5426b09ccc0522681dc65e94d747d2a33c7ab84f91f1faacba794c1b012d1dc484e5d4ca9dbdde13e3

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          6752a1d65b201c13b62ea44016eb221f

                                          SHA1

                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                          SHA256

                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                          SHA512

                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb09685e-be2e-43e6-8246-1582f1b27260.tmp
                                          Filesize

                                          538B

                                          MD5

                                          f9024d6081e7853a62686b665b00a6b2

                                          SHA1

                                          bc66cfc64cfe2280037e9fd971f7b3a4202642a6

                                          SHA256

                                          1cbf6d41d6c86f807a723b4270e3ab0904377333d6017f9e44b3e702498b03df

                                          SHA512

                                          feac0ee8e5a4f4f0ae3e4373c0a6799ba845a4d1d9c3aba8d740e3a3ef804f132d47a87b259e3967cb224ad78cd53ea197692a4b9ab28cfd0b51378d287693ba

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          12KB

                                          MD5

                                          7b69dd680a7b83d25fbcafe89bfd16af

                                          SHA1

                                          02ddb8110e29968c654bfcb2d04a3167db61d3ea

                                          SHA256

                                          2718593f58ba3c09e81dd033e5273644183eae84b09ea40b8f50cda490187605

                                          SHA512

                                          110698ef049bc3be3f4cfa849787dc5689252d5e14ce13d72a5fcf4a2e2e6f66f96b934cb8a41e9670c084a2425ba1f45732d9aca4f5a875db60b008d2eabf71

                                          Download Submit