Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240319-en
  • resource tags

    arch:x64arch:x86image:win11-20240319-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    11-04-2024 12:09

General

  • Target

    https://gigglywaves.w3spaces.com

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gigglywaves.w3spaces.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fface8a3cb8,0x7fface8a3cc8,0x7fface8a3cd8
      2⤵
        PID:2464
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
        2⤵
          PID:3820
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2484
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
          2⤵
            PID:4880
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
            2⤵
              PID:1656
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
              2⤵
                PID:3708
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
                2⤵
                  PID:3244
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                  2⤵
                    PID:1576
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
                    2⤵
                      PID:124
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
                      2⤵
                        PID:2940
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3872
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,5979313409308496678,6016744897230634399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2348
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:908
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:2128
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\StopPop.shtml
                          1⤵
                          • Enumerates system info in registry
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          PID:4084
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffabcab9758,0x7ffabcab9768,0x7ffabcab9778
                            2⤵
                              PID:1908
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1800,i,224975324129740302,2703197305702021129,131072 /prefetch:2
                              2⤵
                                PID:3240
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1800,i,224975324129740302,2703197305702021129,131072 /prefetch:8
                                2⤵
                                  PID:2968
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1800,i,224975324129740302,2703197305702021129,131072 /prefetch:8
                                  2⤵
                                    PID:1612
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1800,i,224975324129740302,2703197305702021129,131072 /prefetch:1
                                    2⤵
                                      PID:1812
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1800,i,224975324129740302,2703197305702021129,131072 /prefetch:1
                                      2⤵
                                        PID:4056
                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                      1⤵
                                        PID:1820

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                        Filesize

                                        264KB

                                        MD5

                                        f50f89a0a91564d0b8a211f8921aa7de

                                        SHA1

                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                        SHA256

                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                        SHA512

                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                        Filesize

                                        1KB

                                        MD5

                                        2d13df5a86f2ce5f0a81e28a216fb6e9

                                        SHA1

                                        d03a918386a0b00658c2e3adc383848d141fd1da

                                        SHA256

                                        e89e2f4fe6cd286e2235b925d5b3959e7c3ec84d864e0fd2c199f611f48c6aba

                                        SHA512

                                        538f53b908247a97ba671bdc7073105fe3a6c967402b6394dc7b7ef32ede90d7db20fe9c8f52225b9e35191e874b500f2c6b13678a200a7cd579251f12c115b2

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        89cb7aae9d99ce3feea516dcbb086852

                                        SHA1

                                        883d030be32f88e66f14e8fb0e30c909e125081f

                                        SHA256

                                        be3ca5600cc4e997d19bdcb229459f3c1ef0bb68a02a941c0c138e931c612d1d

                                        SHA512

                                        e34db14fe3f182f37d1be2256a49f8f716453db55ee0fe8fb7fb16ca469bff8dca57fcec4529f8d92b2d82900e33fca03ef4479d10a1032e198fa367ac373357

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                        Filesize

                                        268KB

                                        MD5

                                        dc13e34fe003966d4d3147c372cda00b

                                        SHA1

                                        7a313afe53d0737b3ed351429901372814780ca8

                                        SHA256

                                        b56202bf18fed89f2e504904a28a87475faf56ba366f22550cced1888e5ce88a

                                        SHA512

                                        55cc46aa3590fcde29723779ce8613f6051306e05a7c98f78e2f6757a5a5361a76867383c9b8aa251f5430069dcb10684b6be137549009ff58c1eecbd17bc6aa

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\96a43391-3b33-4344-a697-acdc630a4393.tmp

                                        Filesize

                                        11KB

                                        MD5

                                        1f0fb57768d1b7f597fd3cd43fd323a5

                                        SHA1

                                        cc5ebe74527d258a62e723292f52234b3246ed6d

                                        SHA256

                                        ecf9c5a0cb89b8bb5874d15582ea9e43957f7c5fc05a4a55f50adf1f4964b8a9

                                        SHA512

                                        edda298f1d4e76a95e29b298b678a9373c9b26d786b2e120aaeaae77fedc6fc1f7065baeb73159112e8618bfb11e0eef1d4debd45a2c18d4ee138788a747777a

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        4113e45804b7888f88ae2a78482d0951

                                        SHA1

                                        4c59bba45c65ba65aa920cbd4eb0d7ccf517a220

                                        SHA256

                                        174195025b51f69ece21274cd7a97fff9f3d9a4bf57185ff3b1297bf2da6d1db

                                        SHA512

                                        16355c4c575a162396cf2ca377f586b3659a70e8c1708cad66b74bb3ef66cbf9ed33d9376730325d95420e5f4f558b2bdb6b5b7595b8b822eb6d2449a83c3f95

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                        Filesize

                                        152B

                                        MD5

                                        e521eb4a4c2bbe4898150cf066ee0cb0

                                        SHA1

                                        c2b311b8b78c677b55a356b8274197fdcbae8ab5

                                        SHA256

                                        1f947cf3be3f525e3039b9c363bb7d7bc0dd2b70da434149e0f0cbbc5d13dbe3

                                        SHA512

                                        59e1b52a41dad2e7f36e0343e330b00bc33a7ba88f616928fd2b6cc526cac6effed76b006cb8a23ff45e85be27647114c7a8376ef3ba53d38ccb9ed4de9a5ea8

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                        Filesize

                                        192B

                                        MD5

                                        ccf3250c70ef9a66a47cbe7dc98075fa

                                        SHA1

                                        e7ec5e69cc5a03d723678183f21f31ba37bdecf4

                                        SHA256

                                        f676b54dad5124f50de4fc041eaba7eec9813840a7f59d52baa9a9afe3adf38d

                                        SHA512

                                        78fbdc079f7cb026580c68ebdfcb6451f1df06d8d6f88ea155515738d343c1bdc96980c4b71fd5a2d17b279760330f64e2b32b58afd17db7cea74c8d9744dd0e

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        5KB

                                        MD5

                                        eaec6c02622769adaef409105a339979

                                        SHA1

                                        2ab8a557fa4b806ed85e81ed0296947d8b7ef22d

                                        SHA256

                                        8b0878c4742ebab08cb9a8d3081593780b3a2e8c5e95e59cff3add18a19c6b32

                                        SHA512

                                        21e470cf0d81b1ff610ea5b3dbf1965bf66e7af47893028b1673bebe661ab0e1654ce7e832f00a53ca9f70887e9a41dc5b49720049341104e05064b52ac3d75c

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        8b075d4fc17eb0b7166aa60237c64aba

                                        SHA1

                                        10612ddaf4f65d4e8816f39b7d6457eb791700b4

                                        SHA256

                                        c72012d6ea178fea1ab6dc707389ef4b8f02bf8fb21393a9966e062cc4e27043

                                        SHA512

                                        6844c31c8a738462b32a57db511079a8cefbdd76e1f4f0bb4d380a1e75a6f6ed9fbe67ce373b2194745a606d098cab6c6bf5bc7d4e6c1435ffde31193002c4c6

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                        Filesize

                                        6KB

                                        MD5

                                        1ffb3800739f0bb8997f4c70ae3b8102

                                        SHA1

                                        596fe4973010ded344784a2709259c03f6edd3fa

                                        SHA256

                                        6275f0814fe993132008f9f0224d76eb1b54edb1de186fab247fc0cace67e1fc

                                        SHA512

                                        17946107a2d842946e4bb5a53da2c6cbe9c56bdaa3e9cb923aba77bde37a8a3b9e6bea8ec6be795b57e636db4ad875bae090c67fa2efbf39e212af96ee826dc0

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                        Filesize

                                        16B

                                        MD5

                                        6752a1d65b201c13b62ea44016eb221f

                                        SHA1

                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                        SHA256

                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                        SHA512

                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                        Filesize

                                        11KB

                                        MD5

                                        08935ca2f9233df8edc689cec0bcf6d9

                                        SHA1

                                        9b27c226183939ea4748659a534534732f9a5889

                                        SHA256

                                        01f77079c84600f86b8786712e132a96d65ce811b902b1fbdd572f5a4b6e844d

                                        SHA512

                                        5dc8ca79c6ac84511b9a3eb44f8a46887f65f43c2421f8ecf2b38584bdc4e81e0db4de078d5e62ea77eeac941cdecdb34dad70fff17cb54099c0d56f734d6fb0