Analysis

  • max time kernel
    294s
  • max time network
    314s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/03/2024, 00:52

General

  • Target

    https://click.pstmrk.it/3s/i.prefinery.com%2Fprojects%2Fvlppyaez%2Fusers%2Finstant%3Femail%3Dcajulian790%2540hotmail.com/ahc/6hG0AQ/AQ/bf37e917-1b3c-4145-87fa-2427c2915286/1/jzdV63uqUt
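The submitted link is a click-tracking redirect: the path of the click.pstmrk.it URL carries the real destination (i.prefinery.com) percent-encoded, and that destination in turn carries an email address as a query parameter, encoded a second time. The following is an added example, not part of the sandbox report, that unwraps the target offline. The layout it assumes (second path segment is the wrapped destination, the remaining segments are opaque tracking identifiers) is inferred from this single sample, not from any published description of the redirector.

```python
"""Unwrap the click-tracking redirect in the report's Target URL.

Added example, not part of the sandbox report. The path layout assumed
here (segment 1 after "3s" is the percent-encoded destination, the rest
are opaque tracking identifiers) is inferred from this one sample.
"""
from urllib.parse import parse_qs, unquote, urlsplit

# The Target URL as listed in the report.
TARGET = ("https://click.pstmrk.it/3s/i.prefinery.com%2Fprojects%2Fvlppyaez%2Fusers"
          "%2Finstant%3Femail%3Dcajulian790%2540hotmail.com/ahc/6hG0AQ/AQ/"
          "bf37e917-1b3c-4145-87fa-2427c2915286/1/jzdV63uqUt")


def unwrap_tracking_link(url: str) -> dict:
    """Return tracker host, decoded destination, embedded email and tracking ids."""
    parts = urlsplit(url)                       # urlsplit leaves %XX in the path intact
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2:
        raise ValueError("no wrapped destination in path: %r" % parts.path)

    # Assumption: segments[1] is the wrapped destination. One unquote() peels the
    # outer layer: %2F -> "/", %3F -> "?", and the doubly encoded %2540 -> %40.
    dest = unquote(segments[1])
    if not dest.startswith(("http://", "https://")):
        dest = "https://" + dest                # the scheme is dropped in the wrapped form
    dparts = urlsplit(dest)
    # parse_qs decodes the second layer, so %40 becomes "@" here.
    query = parse_qs(dparts.query)
    return {
        "tracker_host": parts.hostname,
        "destination": dest,
        "destination_host": dparts.hostname,
        "email": query.get("email", [None])[0],
        "tracking_ids": segments[2:],
    }


if __name__ == "__main__":
    for key, value in unwrap_tracking_link(TARGET).items():
        print("%-17s %s" % (key, value))
```

Knowing the decoded destination and the embedded address before detonation tells you two things the sandbox run does not: which domain the user actually lands on, and that opening the link confirms that mailbox to the sender's tracking service.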

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (6 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
  • Suspicious use of FindShellTrayWindow (26 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://click.pstmrk.it/3s/i.prefinery.com%2Fprojects%2Fvlppyaez%2Fusers%2Finstant%3Femail%3Dcajulian790%2540hotmail.com/ahc/6hG0AQ/AQ/bf37e917-1b3c-4145-87fa-2427c2915286/1/jzdV63uqUt
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffe7f2346f8,0x7ffe7f234708,0x7ffe7f234718
      2⤵
      PID:3680
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      2⤵
      PID:1896
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2196
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
      2⤵
      PID:2732
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
      2⤵
      PID:224
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
      2⤵
      PID:3436
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
      2⤵
      PID:4588
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
      2⤵
      PID:2396
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
      2⤵
      PID:4560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
      2⤵
      PID:4372
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
      2⤵
      PID:3476
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
      2⤵
      PID:2236
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,8097021307585869825,17699187987682329268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
      2⤵
      PID:4940
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2944
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2584
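Every process in the tree except the two CompPkgSrv.exe instances is an Edge child: a Chromium-based browser runs one browser process (PID 560, the only one carrying the URL) and spawns a separate process per role from the same msedge.exe image, so a child's role is visible only in its --type, --utility-sub-type and --service-sandbox-type flags, and every child launched by that browser process carries the same --field-trial-handle value. The following is an added example, not part of the sandbox report, that parses abridged copies of the command lines above (the --gpu-preferences blob and the crashpad --annotation flags are dropped; PIDs are the report's) and reports each process's role, which utility processes run with --service-sandbox-type=none, and whether all children belong to the same browser instance.

```python
"""Triage the Edge process tree above by command-line flags.

Added example, not part of the sandbox report. The command lines are
abridged copies of the ones in the tree (constructed sample input).
"""
import shlex

EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
HELPER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"
Q_EDGE, Q_HELPER = '"' + EDGE + '"', '"' + HELPER + '"'
# Identical for every child the browser process launched (handle, GUID, size
# of the browser's field-trial shared memory); the crashpad handler lacks it.
FTH = "--field-trial-handle=2124,8097021307585869825,17699187987682329268,131072"
UDD = r'"--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"'
TARGET = ("https://click.pstmrk.it/3s/i.prefinery.com%2Fprojects%2Fvlppyaez%2Fusers"
          "%2Finstant%3Femail%3Dcajulian790%2540hotmail.com/ahc/6hG0AQ/AQ/"
          "bf37e917-1b3c-4145-87fa-2427c2915286/1/jzdV63uqUt")

PROCESSES = [  # (pid, command line), abridged from the report
    (560, Q_EDGE + " --single-argument " + TARGET),
    (3680, Q_EDGE + " --type=crashpad-handler " + UDD + " /prefetch:7"),
    (1896, Q_EDGE + " --type=gpu-process " + FTH
           + " --mojo-platform-channel-handle=2136 /prefetch:2"),
    (2196, Q_EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService "
           + FTH + " --lang=en-US --service-sandbox-type=none"
           + " --mojo-platform-channel-handle=2224 /prefetch:3"),
    (2732, Q_EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService "
           + FTH + " --lang=en-US --service-sandbox-type=utility"
           + " --mojo-platform-channel-handle=2840 /prefetch:8"),
    (224, Q_EDGE + " --type=renderer " + FTH + " --lang=en-US"
          + " --disable-client-side-phishing-detection --renderer-client-id=6"
          + " --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1"),
    (4588, Q_HELPER + " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService "
           + FTH + " --lang=en-US --service-sandbox-type=none"
           + " --mojo-platform-channel-handle=5412 /prefetch:8"),
    (2944, r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]


def parse_cmdline(cmd):
    """Split a Windows command line into (image path, {flag: value}).

    posix=False keeps quoted tokens whole without treating backslashes as
    escapes; the surrounding quotes are stripped afterwards.
    """
    tokens = [t.strip('"') for t in shlex.split(cmd, posix=False)]
    image, flags = tokens[0], {}
    rest = iter(tokens[1:])
    for tok in rest:
        if tok == "--single-argument":          # Chromium: the URL follows as its own token
            flags["single-argument"] = next(rest, "")
        elif tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            flags[key] = value
    return image, flags


def classify(pid, cmd):
    """Describe one process by image name and Chromium role flags."""
    image, flags = parse_cmdline(cmd)
    name = image.rsplit("\\", 1)[-1].lower()
    if name not in ("msedge.exe", "identity_helper.exe"):
        role = "not-a-chromium-child"
    elif "type" not in flags:
        role = "browser"                          # the parent; it alone carries the URL
    else:
        role = flags["type"]
    return {
        "pid": pid,
        "image": name,
        "role": role,
        "subtype": flags.get("utility-sub-type"),
        "sandbox": flags.get("service-sandbox-type"),
        "field_trial_handle": flags.get("field-trial-handle"),
        "url": flags.get("single-argument"),
    }


def triage(procs):
    """Summarise roles, unsandboxed utilities and browser-instance membership."""
    rows = [classify(pid, cmd) for pid, cmd in procs]
    handles = {r["field_trial_handle"] for r in rows if r["field_trial_handle"]}
    return {
        "rows": rows,
        "one_browser_instance": len(handles) == 1,
        "unsandboxed_utilities": sorted(r["pid"] for r in rows if r["sandbox"] == "none"),
    }


if __name__ == "__main__":
    summary = triage(PROCESSES)
    for r in summary["rows"]:
        print("%5d %-20s %-22s %-45s sandbox=%s" % (
            r["pid"], r["image"], r["role"], r["subtype"] or "-", r["sandbox"] or "-"))
    print("one browser instance:", summary["one_browser_instance"])
    print("service-sandbox-type=none:", summary["unsandboxed_utilities"])
```

Run against the full tree, the two identity_helper.exe utilities and the NetworkService are the only children running with --service-sandbox-type=none, which matches how Edge 92 launches those services and, together with the absence of any non-Edge child under PID 560, is consistent with the 1/10 score.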

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 36bb45cb1262fcfcab1e3e7960784eaa
    SHA1: ab0e15841b027632c9e1b0a47d3dec42162fc637
    SHA256: 7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
    SHA512: 02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B
    MD5: 1e3dc6a82a2cb341f7c9feeaf53f466f
    SHA1: 915decb72e1f86e14114f14ac9bfd9ba198fdfce
    SHA256: a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
    SHA512: 0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 96B
    MD5: 2c18bc50f167abfc723c4b171c50a935
    SHA1: 84dbce87e28f9fbc98f715ba7d71dcbf8554e480
    SHA256: 0811aac3353a8fdfd4f7456dc257dd8cccb43d964dd18bc02f4f0091d9744d4f
    SHA512: a55658fd97f4395c433b04166d5e479b9d418d1be514944b1fd1895fe8a7810a4a92b3462ac89139e566bf36e5d93cb9cd19347893fd7b17b9aa0ecd61be27f1

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 111B
    MD5: 807419ca9a4734feaf8d8563a003b048
    SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
    SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
    SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 333B
    MD5: c823d0d147d65a816d36143dc3b84573
    SHA1: eb3115dfa4787ba4868e918894c52e1597b000e1
    SHA256: 1ded28f24bedd28e7aaf300b8d23a34b305af6b5d8ced5546fd946000f3d12bf
    SHA512: a9ce0933881560e352f36fd7d71355e02bc5aa4670f4013341f6bfff18cf1f7ae28404668d08d7d97dbcccaf9d580160cbfdf0aa63a884152d22ae52d92e22b2

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 49b6abd9ec3d918089310baf3603eb94
    SHA1: 5da2e70ba5ae84ad2fedb2428b5c992f1138efa7
    SHA256: 64dd5e1966fd4a08622a6356f845e261cb5ed282cc22a02e4c3c67ef8bbaaefc
    SHA512: 0ca86ad12fd837df5b95c8b0197ecff8f09fd5c9cc18d676db3c3171e8f1438b0593c9989d53203c059d3b871870cbb9851e95c091309ac84306351a9ff398ac

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB
    MD5: 18b4d2c26a8106ef77b8f409fabb31bf
    SHA1: db8951cf1258e05b130d9dbb1dcee3560aa67f59
    SHA256: 0374733e5b20a21843315a332fa24b47da9b2958a66809b17423691873103b5e
    SHA512: cf5bfd0ae468c2c93c4eb61914c099c27b9444b6029d195f64139852295ce2ba7e550c6869530e1e969c20c699b17c138e6cfd6a33e815d30826209afe55c9f3

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bc19dc8c-ea38-43eb-95a0-2a68f7de66a8.tmp
    Filesize: 6KB
    MD5: 4be2fcadd2b357eac6d64b289b32c4fc
    SHA1: a862ffef8a2a90b8cc85d437d8022a8b72d040ee
    SHA256: e2bfb19f838e60f928480b3aad0497975cb60448c126ea9f34ec793ffc5d5ab1
    SHA512: 726175fe10d130f6ee0c1eadbd9048303175648033d36e74937e68b7c0703d1fc6e53c015b6274434bfc28c63665ef95c1f6987a43726664a48a2d68a57a8197

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B
    MD5: 6752a1d65b201c13b62ea44016eb221f
    SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB
    MD5: 9eb92ff445af7b240acc6a0522423ae4
    SHA1: 1d15700d75bfae10837a9fb2ab05489b963c1b86
    SHA256: be05c8dd14d66924a07704172db39c78e91236f4fd26be9aadc2de5e8d633e8a
    SHA512: 09766ca93acb1fab8d3017677119c88f6f6206c610741f95da48d298761386087a0deabcf332e836a18118c61859548805ff9def3f74cb74d47a64d4bf7073fc

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 12KB
    MD5: 62512b099b20fc2803f062ac2f745c04
    SHA1: 1234b3516a0826f3d85fb31c7ae2ff6c7128ed09
    SHA256: 986a604b54ae3674014db6d43bd9db914f1e4fcdccf81528845701710222ed26
    SHA512: 75bd2c58251224bbbc5acf2f744f8beb87dd455b0f6b697a120ccb8d9549d460d54d556e7fecb8acf9cdf21053950f0450cc2e61ae4fcdc144afac47685da14a

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 12KB
    MD5: 659e04e65b25aa6dcbc72ed03413d9a5
    SHA1: 9c6423a77b0f611a096e266c32a9db6d586872f5
    SHA256: a711d47dda24e1acb438412acbc411ee2a44fdb089cbbc7bf9406855588b88f7
    SHA512: ac4d7e94eabb62feb18aa3070db8e5c3a5c95525d0862c815ff27f08a5f5ca51c59a8f06a774ae229182fb2a3da009839413ffe2c2c570edde232345dab741db