Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
15/04/2024, 05:56
General
-
Target
https://mail.google.com/mail/u/0?ui=2&ik=4e467d503c&attid=0.1&permmsgid=msg-f:1796358265051876089&th=18edf25315c10af9&view=att&disp=inline
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mail.google.com/mail/u/0?ui=2&ik=4e467d503c&attid=0.1&permmsgid=msg-f:1796358265051876089&th=18edf25315c10af9&view=att&disp=inline1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6ba346f8,0x7ffc6ba34708,0x7ffc6ba347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2408 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11924395729632392864,14143075316822458437,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResolveConvert.mp3"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5846ce533b9e20979bf1857f1afb61925
SHA14c6726618d10805940dba5e6cf849448b552bf68
SHA256b81574d678f49d36d874dc062a1291092ab94164b92f7e30d42d9c61cc0e77c3
SHA5128fb228fae89f063159dabc93871db205d836bdb4ec8f54a2f642bd0b1ac531eea0c21234a8ca75a0ae9a008d2399a9bf20a481f5d6a6eab53a533cd03aeaaa2c
-
Filesize
152B
MD5104aab1e178489256a1425b28119ec93
SHA10bcf8ad28df672c618cb832ba8de8f85bd858a6c
SHA256b92c19f079ef5948cb58654ce76f582a480a82cddc5083764ed7f1eac27b8d01
SHA512b4f930f87eb86497672f32eb7cc77548d8afb09ad9fdba0508f368d5710e3a75c44b1fd9f96c98c2f0bd08deb4afde28330b11cf23e456c92cc509d28677d2cf
-
Filesize
360B
MD5f13eb95b60d6af72b79271f4a7e7bc53
SHA1ed9529decf5ad642dc8f1e24aef2483bfa944533
SHA256ff841834390107f0fe3092a6757edf63b9dc53448f48f4508dcf78feff56aa09
SHA51229d5e87c8e228e458d5c78e5d2b06aaf237cfd8c090e467d3c972f742b22c99388b09ba7be21a97b86281ee6bf51dada12bdc5fa7557f04991c4f56019c81b90
-
Filesize
1KB
MD5d4580266a44a4a8a7bbedc09c032d415
SHA1d472004267d30ee9a5220444945dd14f99738d94
SHA2561f08b7541e84e4436d6855c6fd90ad1a9a97db4329ee647f30466aa21148c614
SHA512484f36e00792f63e7d3814355162a82c792a164aa1c486098a5cb2d92c7855efeb343f34dd273ea76a197d70292dd35ff8f6c647e951a7f625218864fafa9d17
-
Filesize
1KB
MD5bc1611e58aa76203ffefbc3d60d27491
SHA1a60f1f9c4027d8d74e452ecbf40b4229a8b74b73
SHA256770b58f54a14690a096ebb73fdd44555616c8343ad62052870f8bca295e1d7d4
SHA512bb0b779ddc43cff36d0ae7a8a083d9e26c3c2c6de84ff628726b93d211e0e518a1b4d22df6f52d4411472e20afa79646b51e937fb54a1fc921fc7df40f867f79
-
Filesize
6KB
MD50767ff93bc0734c64ba16ea7c08c76dc
SHA1fb1d70dadb4b9617d2ad4758d7f14f85a288c4b1
SHA25693a2b782604165a6510cdbdbcba06dfc61640183ae8ed12e9146bdd942cb870d
SHA5123d4d97fd14f3d1be247a2aa493010a18cb983f1b6291f19bf564ec216a55b59cf89c0eb194c4e77ce5760866cb67387c653d3be12a5085a1c7c8cca34d1d0cf0
-
Filesize
6KB
MD57ec7d059331102034b1427252b0f26dd
SHA14a62240fdfa4f5fef0b1c1ec3a6e67969f82d826
SHA25657c7b7e6369798274a2ba985d77ac1b706326aef323d922cf7de5066bbb6e679
SHA512ea94935a93fd6b46a53049ada6c51230f071274dd202fb5c8de104772dc6309ab64dab8da2646b9bec92f08c376754454a654418b3a2e8d45ecf4979e64c4a04
-
Filesize
203B
MD5545e99ed2a9638a68f0d6abb924cdabd
SHA147dd9d668083ee7bf072a42d3ebefcae6a2a105c
SHA2569d49e75a1e45777ad0fa720ee8adb8f97df9899d918f29e574aa56d10904ca3f
SHA5125def43dad77d361071a36ebdf30029a55a001ee42a464879c4e59332cc311c3bed12e73cf604e290f8d9df5010e1de05e6fc1196425caf01c812f6a41fd4a05b
-
Filesize
203B
MD52ff233b06365da83d151ed8cb71df55f
SHA1c59bc3e90edcc2565042974ecebb2d2759293608
SHA25642e55f7cc2b292edb19fcebb4394233da621304ebaced890337bc50fb0120b3a
SHA5124c35e757a8144a4bea78c38174ceab501b9fa06e85addcf522691746db9666513b5aecaf5194b7485bac44fd10dc20e2e918f28823cba2066b09fdf08fa23fbc
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD521d8d67b23da0068f6a01699c9298490
SHA19d6c62332e7fee900d0609181a0cc765a411c8a3
SHA256d2ca6fe72d857dbed7d3cfcdf44b755891cad3c512e407390a1c54da0c692ad3
SHA512b7c94615f54d885ea0d7807e1c063209c43912f7f3aad2b65dda7322bfa4b0d24c3d5cd29a9dcfffdcd6dc920158f8b54e2a0a60580d55a690ea229da6f7105b
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
92KB
-
Filesize
68KB
-
Filesize
116KB
-
Filesize
92KB
-
Filesize
2.0MB
-
Filesize
16.7MB
-
Filesize
260KB
-
Filesize
132KB
-
Filesize
96KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
108KB
-
Filesize
992KB
-
Filesize
2.7MB
-
Filesize
208KB
-
Filesize
16.7MB
-
Filesize
96KB
-
Filesize
2.7MB
-
Filesize
208KB
-
Filesize
992KB