Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://qo483.cfd/py...

windows10-2004-x64

1

Analysis

  • max time kernel
    46s
  • max time network
    48s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-04-2024 15:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://qo483.cfd/pyyk

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qo483.cfd/pyyk
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88be146f8,0x7ff88be14708,0x7ff88be14718
      2⤵
        PID:3812
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
        2⤵
          PID:1312
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4400
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
          2⤵
            PID:704
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
            2⤵
              PID:4488
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
              2⤵
                PID:2052
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
                2⤵
                  PID:3260
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
                  2⤵
                    PID:1136
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
                    2⤵
                      PID:1028
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2196
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                      2⤵
                        PID:4772
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                        2⤵
                          PID:3264
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
                          2⤵
                            PID:5084
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3476917642086406174,7116336419044241271,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                            2⤵
                              PID:2552
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:840
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:5096

                              Network

                              MITRE ATT&CK Enterprise v15

                              Replay Monitor

                              Loading Replay Monitor...

                              Downloads

                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                7740a919423ddc469647f8fdd981324d

                                SHA1

                                c1bc3f834507e4940a0b7594e34c4b83bbea7cda

                                SHA256

                                bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

                                SHA512

                                7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                Filesize

                                152B

                                MD5

                                9f44d6f922f830d04d7463189045a5a3

                                SHA1

                                2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

                                SHA256

                                0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

                                SHA512

                                7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                432B

                                MD5

                                b0d770a2ce68cc8b4de5a6acf82bd3b7

                                SHA1

                                cf416b03c7277e71bf10ce59d5b430c954af933a

                                SHA256

                                f6d0b19e41f1bc50ec91e5abc6e26c37d63441b20f9850854495b663b7eab757

                                SHA512

                                80f64d5895091703877b92ef2658e1316cb2a9c17486f6e3d388c03168c777f9eee07ad6b2765e1dd4a1a3113c39da97b7b9f4c48fd1240498b55b88ed98a9ee

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                Filesize

                                456B

                                MD5

                                5ca7137c42e5903759bd0b4d422f4c57

                                SHA1

                                926984ba0a9cfcfd68e6d4ba45d019369c0ea19e

                                SHA256

                                84c77c09b2acbf93dc69b66cf3980e52445c22449ac1f4fc827c78fd8ea4f9e5

                                SHA512

                                bf22c4780c95daeafa230ad3ac5121f8c491b412f8343a869d85f6124fd5028fa5f28c64da7880d9fa84ed4cdc69d336d7f52b31ed5b45361a89c9251b5df2b9

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                Filesize

                                509B

                                MD5

                                3bf264d5729f99c3d8bf42ce31e6ad20

                                SHA1

                                86066baad4f787b79b03978123ba8aa0dbc6a4e4

                                SHA256

                                a49d24217f72652b62fe03b75d151eaee9d5313dedec4953b72a48de23661757

                                SHA512

                                327e5c51397171fac772345b0c419e449669c2d4707234d303d4811bff5996e13d8fd9bd63d7bed19d6666ceb15853b23e0e65430b599498a21c99b70c427a12

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                1f68b63a582984c668e9be6a26378d83

                                SHA1

                                4154aee65701f086363caeecc438ef65d227eac4

                                SHA256

                                c3701f7e7ab02a8ea6a7191895c18951093bca38827fd122b64e671472fef493

                                SHA512

                                8ef9c9ce4da57ba1e3846a89d30b02994415cd0aa051bd140f38a4f60486819b532e42fdc464c9fac28557d295c127de464aee53526c5d6050da2b48a7f07234

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                7KB

                                MD5

                                23e923eca58cc784762a84736312b4e7

                                SHA1

                                17a1a9f003d050ba749997b919a326fe04b84a06

                                SHA256

                                1a522b449e3df8bee815983c51f615f6e097adcdfd5a553bde053ad4c7c9ff3d

                                SHA512

                                503b2608ae53e6d6a3ae0b5463ac2ea8ae3e5a1f3439f45cf12250b127a2c82cda47746801cf042a5a9217fc66808593ad6da74dd8491939666b1e8ce997a702

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                6KB

                                MD5

                                ae01bc8a769711954a0ad5858fee2b75

                                SHA1

                                00acad7423e610abc1282b6aeef74776707ed63e

                                SHA256

                                18a2fe11632dca111e9624945e38b2a07f969062032f644be57e82fe45838cfe

                                SHA512

                                25c98d1274eaca337491e30b920ceff650218321b55bc4740953351d008e295a624e4850303e2b96ea1dfe83f1864060d6bab6b357783cf39c4ed58a9d2e7f81

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                Filesize

                                7KB

                                MD5

                                0b844d0938119676d76287ef5d2c3936

                                SHA1

                                dd230404cd403a2fee53d2233488f64f67f11c96

                                SHA256

                                5e39d82200c4f698d7dcb5745db962fd71479a497ab039efbe46bc801991eb8c

                                SHA512

                                ce2600a55c9f44663134536d7d469e235106a9549d3e9ea5c6228ace971aae591cec398f1909deb961df510185310c9aaefd748acdc337cd43cad84a071797a7

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                Filesize

                                16B

                                MD5

                                6752a1d65b201c13b62ea44016eb221f

                                SHA1

                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                SHA256

                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                SHA512

                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                a487e4d715541a4d4e22f7ea1bbd308d

                                SHA1

                                63de8cb95cab3b8493a2027204b0bb29aefbb514

                                SHA256

                                5f48560910eb6d7599996c8cd1558e5e60e68a7938648528c44b02ab11b22374

                                SHA512

                                6174677156a5ea41d3a21a7e2b1770b6917c6be3a5e5cf9da9bdc406693aff2446dc91ffcf0028f9328fe23f973099dc52747aa0f86fb56e2e6a7d01fef5c3c3

                                Download Submit
                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                Filesize

                                11KB

                                MD5

                                e9c27657a5ba60dc60a0f720c2898c47

                                SHA1

                                4b5896d79fc4fff9ca96e5c2f9b7785a30ebc831

                                SHA256

                                d573edce25edd3302d8378cb07018a2d78681ca71f9308b06374f367bfff1601

                                SHA512

                                50193b64da7b126f0acb7f78f68ea02cc9632446e791b9b1893a84717538921ff6f260ce0d63e9ddee44eaedbbf87498ea9b1c56442fe225f2b33e7d34a65844

                                Download Submit
                              • \??\pipe\LOCAL\crashpad_4884_SXNSZUGQLUFRQOUA
                                MD5

                                d41d8cd98f00b204e9800998ecf8427e

                                SHA1

                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                SHA256

                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                SHA512

                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                Download Submit