Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://nzpostco.ski...

windows10-2004-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-04-2024 22:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://nzpostco.skin/nz

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nzpostco.skin/nz
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4880
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9ca746f8,0x7ffe9ca74708,0x7ffe9ca74718
      2⤵
        PID:956
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:3696
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1472
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
          2⤵
            PID:4112
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
            2⤵
              PID:4540
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
              2⤵
                PID:224
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
                2⤵
                  PID:1216
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:412
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
                  2⤵
                    PID:4808
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
                    2⤵
                      PID:4420
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                      2⤵
                        PID:4332
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
                        2⤵
                          PID:1216
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                          2⤵
                            PID:2932
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
                            2⤵
                              PID:4184
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                              2⤵
                                PID:1920
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                                2⤵
                                  PID:1204
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                                  2⤵
                                    PID:3940
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5584 /prefetch:8
                                    2⤵
                                      PID:2928
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5600 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3792
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
                                      2⤵
                                        PID:3540
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15551140114250993273,3303467514414389621,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
                                        2⤵
                                          PID:3588
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:4720
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:1012

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            cbec32729772aa6c576e97df4fef48f5

                                            SHA1

                                            6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

                                            SHA256

                                            d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

                                            SHA512

                                            425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            279e783b0129b64a8529800a88fbf1ee

                                            SHA1

                                            204c62ec8cef8467e5729cad52adae293178744f

                                            SHA256

                                            3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

                                            SHA512

                                            32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0357491d-2999-49b2-9fa6-9f139267e815.tmp
                                            Filesize

                                            6KB

                                            MD5

                                            332d41e5fda8a2c067a96ebe6fb702f1

                                            SHA1

                                            0932694c0c5f24addbf1bd9abca84783cb851a09

                                            SHA256

                                            0b41bae0de941c29ad09957836219c839defa07588deaa7e128fb053aa1303f2

                                            SHA512

                                            bf9fc0d2f01964b69eb99bdefe501915c9851269666ca649cd83ac206f3206a3d4c7e644a48a5aaa43faedeeca2880fa1e9a0b2ea2a13d9f6b97b9fd09d1fba0

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9c3dea42-88f7-47bd-9594-3876c51c4b2a.tmp
                                            Filesize

                                            6KB

                                            MD5

                                            9621b8b6a2da6187670721a5733bcca8

                                            SHA1

                                            9367b807f0997a800bb031a17c93af397bb1086b

                                            SHA256

                                            285a2322c5c81418a687c48ed47fc60f3914ec77e84fd8a64236a1c87a5eb1f0

                                            SHA512

                                            0ba275ae7204dbf2f65e4ff910341c40100bbd8163a49f01aa093f5315b1fff38ab51b8910f087a109dc12efb78ff085f876af538e9d43e881359f7b3e55ea11

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            1KB

                                            MD5

                                            4591af8ba94655cb49029bd6bf01ada3

                                            SHA1

                                            87c22d24dfadbf6e3371d8513628cb80bf308b8c

                                            SHA256

                                            fc6ac6adb7b4ed482519b363d89806e414f1b00ad31839e1ab33e8596102d591

                                            SHA512

                                            b6df60c0d8a09230e29f4f264df097bf0410109becdae1fa57cd128a5b2ec5e0b5e47b388b4299c8e7b558000e59575cc1034d921775946400ef3f330bd14e21

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            398B

                                            MD5

                                            bb4a5d1c337b75dfcccd6e64721156fe

                                            SHA1

                                            4fac3a8e342357f1a013958c392c86bb68482f92

                                            SHA256

                                            8fb27cd5327257e8e0fe8879f461e497b38882cb67eeb3c42051d6b4af28f7dc

                                            SHA512

                                            8e2b649e8b8334ce28d928fb3a39bcc46b2eaa832c4c955f5f58afd90f5bf66591daf6eb6d600e25a1dbc6a9b712164cb7dcf28ca48702af28af756d43ec1392

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            56ba35b57f2d58b5ad0327d1e22f3e59

                                            SHA1

                                            69106f28e22de25acae7d78786ae71f993feae35

                                            SHA256

                                            1bb36079588ea64f024614bb1dc8ec6efb94d160fa9885c2686474870c29d5ca

                                            SHA512

                                            7aab1d96054492c5871f7ca4139ba1428e0590053012ecaeeca96fa87c0419d100458ebf595fbee6fcf7d4c39864877c87bbfb69217935d03023be3683272268

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            7KB

                                            MD5

                                            a85c8517483bca275ec65d267f831548

                                            SHA1

                                            714d8e37179a47a08e51538949daf36ccee3e639

                                            SHA256

                                            5611fe258be049e8e8aa10c5bd8f993465c26d01251e6788b882e0633bca5cc6

                                            SHA512

                                            a38758767c9a119320991ba420e151c2d9f8428dc05ede4a699be3080f6b5f071af5d6998a17e822f0ac57d9503e2ada5026cd2196571fd3c003b3c49dc6bfc2

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            6752a1d65b201c13b62ea44016eb221f

                                            SHA1

                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                            SHA256

                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                            SHA512

                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            11KB

                                            MD5

                                            7207b1b263ce190b17e3a017718e87ad

                                            SHA1

                                            fed4ebfbd5543e378b1ad87812a2aff1a063faff

                                            SHA256

                                            e71dad81f9520fbbf45b80f202d26a7354509f08d9714c471a59ff8f097d4e10

                                            SHA512

                                            d1cf848def220f25aa10ea2dee91411d5586b187e1c676ca806b4eaff60c12f1af4dc0d56ba1b520c3c5e93f6b0c682c8d59b140666c44521a0c6ebc4e32d24b

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            11KB

                                            MD5

                                            cfbc76b452ec7f50d0e4f5c027d81370

                                            SHA1

                                            33ccb250e1a6e6e1026130aa73c184225e863ca9

                                            SHA256

                                            6aad2b4b51305c8d22f95d5c3148e2355e516b0410bca3a318fcbb97c6262f23

                                            SHA512

                                            ef47f7a8d301339ff4f66fab99f19fd49b7bf279e0b93d77bd09caf5661127f5727202166629ab0f564166d825a294758095dd63f1a957a6878dd5b28d691df0

                                            Download Submit