Analysis
-
max time kernel
146s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
-
submitted
19/04/2024, 14:20
General
-
Target
https://cdn.discordapp.com/attachments/1223199506984603718/1224792127733760061/BLOX_PREDICTOR.rar?ex=66313c8e&is=661ec78e&hm=d030074c56b8c33e7b43d3139f8cd9b1501809d1d609c1b2a898663d7d5377ac&
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 29 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of FindShellTrayWindow 52 IoCs
-
Suspicious use of SendNotifyMessage 27 IoCs
-
Suspicious use of SetWindowsHookEx 51 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1223199506984603718/1224792127733760061/BLOX_PREDICTOR.rar?ex=66313c8e&is=661ec78e&hm=d030074c56b8c33e7b43d3139f8cd9b1501809d1d609c1b2a898663d7d5377ac&1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe9f9e3cb8,0x7ffe9f9e3cc8,0x7ffe9f9e3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,6199998592108574539,10248061660153173387,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5700 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\BLOX_PREDICTOR.rar"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\BLOX_PREDICTOR.rar"2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\BLOX_PREDICTOR.rar"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5f1a9c7fa806c60a3c2ed8a7829b1461f
SHA1376cafc1b1b6b2a70cd56455124554c21b25c683
SHA2561eb39b1409ce78188c133089bf3660393ac043b5baade7ff322df5a0ca95380b
SHA512e1cb2f84b5cbd86b107c0a9ec0356ab65a54c91208f9f8e83fec64bf17ae89356a09b0cd39d2726424f4041d7b25b962c23672b8645c2e10f11ff4d2075f4afd
-
Filesize
152B
MD5f3f6e86c8b7bdc605f5559df800bfd34
SHA1862d05bfba760ae8adcbb509216dc18ead59a6b2
SHA2565dfe9be21d4916615025055f1a70151362bdb404b40f074685e39b33ad545a78
SHA512de576ebf0cbe1c5e7639c42517253796cf4b5770298271ac2e6958404998f2d6b8e3378a535f2f316f4020fd8e60b5cc9c1b6b5171d307ca3215afe8ac47a7c3
-
Filesize
186B
MD5094ab275342c45551894b7940ae9ad0d
SHA12e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e
SHA256ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3
SHA51219d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d
-
Filesize
5KB
MD573ea149488f957146b5b2fb720cb0b60
SHA1d60ac0da1f63a64a940a9149c1aeb19ce590c8db
SHA2568bddde72cf82354b5c357258a0a78749eb75d6b1cffb936abf24cfc3ff533740
SHA5124b67735569ee52454323743ce7176d46d608e80f2bb5fe4d6d040b5080294a9b0f47731a4188c272353c9bc5f22a34638c0a32069ee09c968b2c856b17d8d9ee
-
Filesize
6KB
MD5e96850854741cc1739d9c9cd71cc1141
SHA12a5dc9da9f631accc16ec95ebfa6c0bea051b86f
SHA256061e434df9320e949feabab30b1df032d284d69824616fecb56b1a1712a8c535
SHA5120c87fc3aabd13576bedce03bfb3bb31277cb30fb797af217bce9bbd84dc088f19b5be51757f713fa474c7c79df0f97c86207379e33b32e7bf517c4de6cf118ce
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD51af809d48a5b56a4bae1cb94a7f90ada
SHA1fd03626ff1cc14b5f6722daccb0d342bf853619b
SHA256ca2a2027679db2bd4e4fbefab9076a702f97ea7031b2e82f443ff046a746ec61
SHA51214906eb1e5ed67b9b6896ee2b0b3e90292daef1aac046f8c2e397c445421886eae0dba526014c5e68cfef78c529a09789c4becabc1a0a1bbb5637c48c8a635f2
-
Filesize
14KB
MD529841ed16ed7be753c9e1f51f832607f
SHA15652847814d7123dddbb2d7ded95fc851a1c4750
SHA25660716a6ebb0ddad0f8c0398ae47d3026fd4a53f98adad286e0f61201be7cb2e6
SHA5122a9c2ffb986249fb32cf9a9bdd852ebefa8d328b74901e36c220ac2d2060b58497072a41dcb0ffbedb001cd7e45f347686f52112e32491e7d9538452a32d76e6
-
Filesize
304B
MD5781602441469750c3219c8c38b515ed4
SHA1e885acd1cbd0b897ebcedbb145bef1c330f80595
SHA25681970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d
SHA5122b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461
-
Filesize
530B
MD5fc23904a206a29a61fa669eb7cb6d84f
SHA1450efabb51681ccf722fecb770af0836bd876634
SHA25600e33015e11d980af18c99f1c7f4d4ebcbe76bc1e435d2f0185c0a662a9625c0
SHA51254810796bed3cb2c8ae3d1e890c6d516fd1b105a27398072f7ba254b2a4b60e0e045f722e4a859a6cac5c35b2aa1294ff0a8470973f49cd6c6c3ad36c701eaba
-
Filesize
732B
MD5ae10b2b80da425fa6b03ee2466f48870
SHA10b9bd653d9743d56d9eeee23a824348ffc0574db
SHA25606909894f849603b4ba50aee9119a5a560c95ebb92609028c7291fa1aa8c9e67
SHA512d4b8fbf3801546a7d91bf5da80e96a565ce75837a9872f10f22a7dacd34fb8613820d95580f1677174c4d9f194ba8b526db90e3f9539ca31b628ce368b7a80a2
-
Filesize
94KB
MD57b37c4f352a44c8246bf685258f75045
SHA1817dacb245334f10de0297e69c98b4c9470f083e
SHA256ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e
SHA5121e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02
-
Filesize
7.3MB
MD557812dc28e33897f6913dc0de97e938b
SHA1f5406484c2f3d176109e63ef8c2b13b2e20761e5
SHA256d999ee980aada4467c4da64bcc9347352dfe911f60991d46cf7bd7763cd99742
SHA5123cdb4d981d3f60e58c3b5a397decb4653a6f3752dc6b843ed7a1edfcfda43c6cb9d0d280d789abf6e4c959292e0c0ce1d78d672a303606edb0493b1d82d599ec
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
1.1MB
-
Filesize
16.7MB
-
Filesize
2.7MB
-
Filesize
992KB
-
Filesize
208KB
-
Filesize
992KB
-
Filesize
208KB
-
Filesize
2.7MB
-
Filesize
1.1MB
-
Filesize
16.7MB
-
Filesize
2.7MB
-
Filesize
16.7MB
-
Filesize
1.1MB
-
Filesize
208KB
-
Filesize
992KB