Overview

overview

3

Static

static

1

Liberty_Car.png

windows11-21h2-x64

3

Analysis

  • max time kernel
    1441s
  • max time network
    1416s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15/04/2024, 17:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Liberty_Car.png

  • Size

    830KB

  • MD5

    b0e484e0f4b3f24f40be9a45e08ed0da

  • SHA1

    3434aff0c186dc78e2b214d114b7f07bf88e35fb

  • SHA256

    638f5c91d99ee56659d745bd6c824a568782530ce91087b8789d1dd63911b454

  • SHA512

    d90858457cfbfdf97a06b89ce90d0742fd1eb071cd0fa20728890cdef954271fb1abccd3eb58126124676304c159d16b242067620e85b1c819720b37f62bd051

  • SSDEEP

    24576:0z4v/yt4x2DwfIU8mmS876Yt/+wI9D0DWwRXuF3P8:0zHmx2DpU8L56Yt/+D9IDWY+Zk

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Liberty_Car.png
    1⤵
      PID:1924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4704
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4d083cb8,0x7ffb4d083cc8,0x7ffb4d083cd8
        2⤵
          PID:1212
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
          2⤵
            PID:1188
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3832
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
            2⤵
              PID:4484
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
              2⤵
                PID:476
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
                2⤵
                  PID:3444
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
                  2⤵
                    PID:4336
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
                    2⤵
                      PID:1592
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2112
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
                      2⤵
                        PID:1784
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
                        2⤵
                          PID:1404
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
                          2⤵
                            PID:1624
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
                            2⤵
                              PID:4420
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5112 /prefetch:8
                              2⤵
                                PID:3752
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3516 /prefetch:8
                                2⤵
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4364
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
                                2⤵
                                  PID:2424
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                                  2⤵
                                    PID:2204
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                                    2⤵
                                      PID:4408
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,11584020572324102272,15388997226321799929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4540
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4012
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:332

                                      Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              e51956799fa67379ea02ed281264a0e4

                                              SHA1

                                              e8f9403225aedfc94b27d902b72ca6591858d643

                                              SHA256

                                              6f3fd42d136b90c98ace40fb6b1522f1b9a1076b431e5290f89cabb4948c3a57

                                              SHA512

                                              c5e017b2b06bf486daa64612f8bbe5dd9f28633d6dfc434f1605c2f36cc08ae6ae40c187316fe1ff998ed7346deef35a66cbc445f2adbb273ac928175e735391

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              b0d0271cd8394035d3f04a57c4376225

                                              SHA1

                                              6ef25cb6b29467e6a659b8dbc28b52006778dabb

                                              SHA256

                                              1c8016ee1208109e59206f98b68b821b61f1cff2ab3852042379b3287674c42d

                                              SHA512

                                              b856d97096d0288fe0547b484abddce5fd100c080a7992709b0158b7e2d498c9820ba54f99b6b71056bdff7f0d6ceeac87793ab074f126e506aee2c83d2523ec

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                              Filesize

                                              1KB

                                              MD5

                                              039e0e4a4c52cebedacbd8abef8f4511

                                              SHA1

                                              5db7f25ab8584143791a37fa34c1ba8795d9e3b5

                                              SHA256

                                              da431f3842641ef063e7d7e486aef00140c9c9513177a5f94ba95203fe631ce1

                                              SHA512

                                              d556437ebf41da361dd11b803a1ed2a3b7d73a23c67c3c081b7d2355e3dae2d5e32a6eb60caaf5906f07b5643cd6896b093cf7ba2ede00e8f90433667756f4d2

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              550B

                                              MD5

                                              2b3a31496d938b72edb44e3b28a12c36

                                              SHA1

                                              d3d458eedd039095acce22c4a175787369f097b6

                                              SHA256

                                              b380f13446b67ac654cf00d9f41026402d34e769f38fddccb4585bbaaeb84f57

                                              SHA512

                                              6ea0bf5097d80e9db25776032b26fd25496605af6f047ba389bd0bf597d63a684224d2134c70f1d02a8036bdbc5b66d81ab88a04f0d3a7cd1261ddc0039ac32c

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              41f5ec3684f8077dee20d36b3ee949e9

                                              SHA1

                                              8b46db3073f938ee647e48d281913684756d004d

                                              SHA256

                                              1a2eaf3df54849e2356115101f479302c7730eb874303395344cc26bb55c136a

                                              SHA512

                                              3c37920723ae078294127c913040d39ab1b11174922e6e11f40c55afde9411c42f87606ecbc8b350e8a5b67efa2db021799076b5757eb6e9eb7812ed52553afe

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              427f0138f79d6f112feee89241131f75

                                              SHA1

                                              bdd147f0c634cd17fcc3cda4ed2d2f4dca9c0754

                                              SHA256

                                              5a9958d87c06734da52058e13cd3a3d9cfa19eed4459f5affd90a3adf033c895

                                              SHA512

                                              c4f6ad935891fac67c5484a72fdd6b9d9a19076c867f66872adbb313fcce03f6587f9884645fd3e99e13a74520d46c57831e77ae07e0de4c88b2f6ec5b236a2f

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              b660d7170d4be20850fe108a475a096e

                                              SHA1

                                              d27442801e6411ddef4c896eb9965c31dfae7bbd

                                              SHA256

                                              b8c63408014c001d5c935474e9fa1ed3caa2cd305fd496b12e3b55183099c3fa

                                              SHA512

                                              d083a683fb1f99ca634e589f82f45c2a34cbe31e2aa6414f90fc7edb49856584870b54cca5fac8a1733b033bf5dabc9c85fdddac285dfa536b41cca8fa74fad1

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              6752a1d65b201c13b62ea44016eb221f

                                              SHA1

                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                              SHA256

                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                              SHA512

                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              b46e6abd2b0e7f60dd0f7d7b37348dca

                                              SHA1

                                              7802484cc6c6b483fe42503ad32564161d197991

                                              SHA256

                                              987a93dbffefdf1dc60aecfa58c951938ac9b697ae1269091cf0c0d6c8b4d001

                                              SHA512

                                              576c82e0a1e5c54d226e1f4e201b62e43e12e4131d25a915d26e5c78505eef0e6cb14955b3382482a63663cb635be4a457767bdb12951479c02b343463bb098f

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              ac8fcc14c04239144840d9735971dee8

                                              SHA1

                                              bd1a6861ae1d6bde613a7e1e6103f6961bee6293

                                              SHA256

                                              9f3b83d6e66a7ebd27d88524b3699618e1e9ae1e8c9e488450002b2399c72b1e

                                              SHA512

                                              838b0511042c68abbfd9eb9e655523ca9f5fa0dc467efb56717daa2a0052775ae6932281acfe824326cc3ff190c15c9362d6099e47132b05ebac92748eaa24f6

                                              Download Submit