Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://u.to/VE2FIA

windows11-21h2-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    103s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-03-2024 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://u.to/VE2FIA

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/VE2FIA
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4444
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbff343cb8,0x7ffbff343cc8,0x7ffbff343cd8
      2⤵
        PID:2120
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
        2⤵
          PID:3200
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3516
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
          2⤵
            PID:1496
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:2032
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:2224
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                2⤵
                  PID:2204
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
                  2⤵
                    PID:3464
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4580
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1104
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                    2⤵
                      PID:4244
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                      2⤵
                        PID:2808
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
                        2⤵
                          PID:712
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
                          2⤵
                            PID:5080
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1880,470265091976338061,7290495427028338289,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5864 /prefetch:8
                            2⤵
                              PID:1448
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1332
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3500

                              Network

                              MITRE ATT&CK Matrix ATT&CK v13

                              Initial Access

                              Execution

                              Persistence

                              Privilege Escalation

                              Defense Evasion

                              Credential Access

                              Discovery

                              Query Registry

                              1
                              T1012

                              System Information Discovery

                              1
                              T1082

                              Lateral Movement

                              Collection

                              Exfiltration

                              Command and Control

                              Impact

                              Resource Development

                              Reconnaissance

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                341f6b71eb8fcb1e52a749a673b2819c

                                SHA1

                                6c81b6acb3ce5f64180cb58a6aae927b882f4109

                                SHA256

                                57934852f04cef38bb4acbe4407f707f137fada0c36bab71b2cdfd58cc030a29

                                SHA512

                                57ecaa087bc5626752f89501c635a2da8404dbda89260895910a9cc31203e15095eba2e1ce9eee1481f02a43d0df77b75cb9b0d77a3bc3b894fdd1cf0f6ce6f9

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                88e9aaca62aa2aed293699f139d7e7e1

                                SHA1

                                09d9ccfbdff9680366291d5d1bc311b0b56a05e9

                                SHA256

                                27dcdb1cddab5d56ac53cff93489038de93f61b5504f8595b1eb2d3124bbc12c

                                SHA512

                                d90dabe34504dde422f5f6dec87851af8f4849f521759a768dfa0a38f50827b099dfde256d8f8467460c289bdb168358b2678772b8b49418c23b882ba21d4793

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                456B

                                MD5

                                eaa261918271c485d8cafd690e817b01

                                SHA1

                                f9685284bab6d42f4224e3c9b9bdf80adf181b4c

                                SHA256

                                04d3ee6cd635d6f90913e835b3835f1dd30b65cf292da5485b133a6bca431015

                                SHA512

                                00f38262880becec95afe66f1615e09020921fa37eef91285c88a24f1abc4424465bbf22b2ac8d64910ce01cdfcc05a2649d94349ad3aa396d2d961307c9a695

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                111B

                                MD5

                                285252a2f6327d41eab203dc2f402c67

                                SHA1

                                acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                SHA256

                                5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                SHA512

                                11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                952B

                                MD5

                                28e1ef52a1d55df70d784086f8e6d2ea

                                SHA1

                                ee8155d952a590b21a6fee9a9edcdad862782f6d

                                SHA256

                                ce8811aa46feef4f8998d780fe4044bca9496fe6fd057a8fb54777bfb3abd317

                                SHA512

                                2351da29ff5ca71dfc4005ad7a7a373d37b6562ed8fddab6d15c36e311dd02efdf2398ba2ef05a2952f65e358aec7735caec1caf52cb3c03409465bd1a6d1d86

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                5KB

                                MD5

                                09d10f7292df2ad24c47782609293990

                                SHA1

                                7ad0b1f13ca4a6d868d3fd8fe7a0914860489e2f

                                SHA256

                                a29cd7dde939047e0f1fc723d88ab1a790bbab3c8cafaee9144ca0553ab36f53

                                SHA512

                                27b2cd9fae8690878252ae29fd68603a0b49bd0d592012b91f2d497e7e9d817a3cddeb1f26bc81dd7ceff09cf50c490c60fa4eb130198e1bf4570f164d56449b

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                7847103c78087209cbf5eca6144a91a4

                                SHA1

                                0f34b9d3b793282bd7019fefc65471d692adc29d

                                SHA256

                                e76039769b7215029dc995127b090f4a27f3ade925e193a26097b34bd3a9a3a1

                                SHA512

                                1a3e8eaa1709d411b371541720ac9118d55f3ff5ac730d244c122c65550bd9dd0851c3ebdcf62f3637c06937d6ea3de562fec15a9f649075c1304ae8a56f566e

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                f8400ab53bf91b9d706d527d5fa646a6

                                SHA1

                                0f88e540f90b95f559f2b7ff206b367bbac1369c

                                SHA256

                                3af68d97a6ce69f0de1afa0f15adca31ff887e7ed5665f3179403b6922956f87

                                SHA512

                                1f391eb258a7b1740d852a54ca6dd1a9dddc0aa6fc9474bfa616d98aeb3a646d2583fc24cd1b904aa6972974767fca551be1545b5ad18341547b17c4ceb85067

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                Filesize

                                537B

                                MD5

                                47f897da2a7992cac690d3bd203ad568

                                SHA1

                                57f6ebc0e57e7272bd3424761f695379a0900381

                                SHA256

                                a786b74029c03a175a20ba3b27dc903cdcc0a630d31936aab2a5138603c37311

                                SHA512

                                97d68455225bb597925e35f48b61a2cff734dac8f797b33d76d638d651eb03eb6cb25cf29638f6c05df3f1654a4371175ad2092a22fc927fbb607969503c1d3d

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583f65.TMP
                                Filesize

                                369B

                                MD5

                                03ffaef006fa24da8a0f54671d3f4639

                                SHA1

                                3d439e32bf4b9b4345952208a4c120c2b1794208

                                SHA256

                                5c0a25aaf69f8a5a2c242835c87d4e9b07b5ad3ad4d438283c670105a6d4530d

                                SHA512

                                b544bb92baa84a5c8806e4e5a360867e7a879ebe46fc3c7f945792903a26ff56c49722cce4df42c0fae982b830897b8af3c13b81789b4c033928977e350d029b

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                206702161f94c5cd39fadd03f4014d98

                                SHA1

                                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                SHA256

                                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                SHA512

                                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                46295cac801e5d4857d09837238a6394

                                SHA1

                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                SHA256

                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                SHA512

                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                b275cfa38d1243382967effe55ac95a1

                                SHA1

                                436c34923e3dd4f78e2e9ff52529bb146b2a40c0

                                SHA256

                                bfe25332de86f787ee39c141002beb535e2bbaa1703fbdb445bd0830eefee689

                                SHA512

                                976ba5e0d04cfa9f8e742842818f5bc5764bd05b8189cbb7a26e0fb78bebddfa2da49583ad8966c24e1ed26e7eb8bae70d8ef4a19df048e18ad22cc7e5049b60

                                Download Submit
                              • \??\pipe\LOCAL\crashpad_4444_QAOAVLELQUEKGFGI
                                MD5

                                d41d8cd98f00b204e9800998ecf8427e

                                SHA1

                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                SHA256

                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                SHA512

                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                Download Submit