Overview

overview

6

Static

static

1

.url

windows7-x64

6

.url

windows10-2004-x64

3

api.js

windows7-x64

1

api.js

windows10-2004-x64

1

api/uc.js

windows7-x64

1

api/uc.js

windows10-2004-x64

1

api/uc_api_db.js

windows7-x64

1

api/uc_api_db.js

windows10-2004-x64

1

api/新云软件.url

windows7-x64

1

api/新云软件.url

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/sec...ex.htm

windows7-x64

1

images/sec...ex.htm

windows10-2004-x64

1

images/upl...min.js

windows7-x64

1

images/upl...min.js

windows10-2004-x64

1

imjiqiren.js

windows7-x64

1

imjiqiren.js

windows10-2004-x64

1

include/db....db.js

windows7-x64

1

include/db....db.js

windows10-2004-x64

1

include/db....db.js

windows7-x64

1

include/db....db.js

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-04-2024 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .url

  • Size

    196B

  • MD5

    13e7411a23a7fc127bdd4b7ff9da88a2

  • SHA1

    3fef75d8a1525c9321390da0ecf5368b6ae12ffd

  • SHA256

    2987f1659569d8128a01022780b6d55778e93e90d41e64cfee7949f1b630a559

  • SHA512

    5a5485306c083d91a249a3e3b6d2b2f5745180fc40ca5d86a9e6dfb9f997ecc59ed1c59c0e15efb0cd3cc331a8f0c9074f370af6d8269891d00982bbeda3abce

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\.url
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cenwor.com/go.php?w=tg.jsg.install
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3616
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff918fc46f8,0x7ff918fc4708,0x7ff918fc4718
        3⤵
          PID:4620
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
          3⤵
            PID:3784
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4780
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
            3⤵
              PID:3216
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              3⤵
                PID:5016
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
                3⤵
                  PID:1336
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
                  3⤵
                    PID:4616
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4256
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
                    3⤵
                      PID:4992
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
                      3⤵
                        PID:4464
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                        3⤵
                          PID:1216
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                          3⤵
                            PID:4492
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
                            3⤵
                              PID:364
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
                              3⤵
                                PID:4464
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
                                3⤵
                                  PID:1240
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
                                  3⤵
                                    PID:4668
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:2224
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1056
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3324

                                  Network

                                  MITRE ATT&CK Matrix ATT&CK v13

                                  Initial Access

                                  Execution

                                  Persistence

                                  Privilege Escalation

                                  Defense Evasion

                                  Credential Access

                                  Discovery

                                  System Information Discovery

                                  2
                                  T1082

                                  Query Registry

                                  1
                                  T1012

                                  Lateral Movement

                                  Collection

                                  Exfiltration

                                  Command and Control

                                  Impact

                                  Resource Development

                                  Reconnaissance

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    f35bb0615bb9816f562b83304e456294

                                    SHA1

                                    1049e2bd3e1bbb4cea572467d7c4a96648659cb4

                                    SHA256

                                    05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

                                    SHA512

                                    db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    1eb86108cb8f5a956fdf48efbd5d06fe

                                    SHA1

                                    7b2b299f753798e4891df2d9cbf30f94b39ef924

                                    SHA256

                                    1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

                                    SHA512

                                    e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    1124e8f3fd9428f697cef7038d6502be

                                    SHA1

                                    7e7000305381729109506f533a9ab7cc87e7c3ba

                                    SHA256

                                    c987e7c438fa9a74a6b48731f2388aaf3664929365864d4a91305cc3382861fd

                                    SHA512

                                    bc82cd92a9d911c237ed09a50a77940e4c3c7d3bf83171ed678ff9831ebaaad4abf7a084976aa190a41ac86122a8c3ccda2ce1cc245424272e16ff3f1aea6e1a

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    5dc2b2310050a33ea561272b430535d5

                                    SHA1

                                    673f1d5465b40c248ec4b7a5f98ab82f6369e6f6

                                    SHA256

                                    9fb56c4465f661af7b1e8a2f965f1c5b0c9b9039dbe810094173bd08c08c49e8

                                    SHA512

                                    69c66a80c7062fe69318ee6f1fcabebb66b45fefa92ee52bb57183d8a5f90ed5a0e7528e73188ded7116b59aa50c21fb0b64c2b9a0468c5d7aca74e84a8af5ca

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit
                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    8ad074c3e61537ac0e6f276cec9e9c53

                                    SHA1

                                    89e4d290024d9b895958472734f9e7aeecca8c54

                                    SHA256

                                    4a8e93b350f03e9385b4eac137fe82ade8604f5de45e782ddf175675ba4b9db2

                                    SHA512

                                    38ff48b13dd0560ef8ffc614b964a8ac2229b8e73481991a015a6e0d0c70fec3d830cd52619cba03312560d6780b19bb20b28d9d71d666247e4f876595e988b5

                                    Download Submit
                                  • \??\pipe\LOCAL\crashpad_3616_UJAYGTAWWCLEBLTK
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit