Analysis
-
max time kernel
65s -
max time network
68s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
-
submitted
21/04/2024, 01:52
General
-
Target
https://saveweb2zip.com/en
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 11 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://saveweb2zip.com/en1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7fff2ecd3cb8,0x7fff2ecd3cc8,0x7fff2ecd3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3464 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6172 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3084 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1916,9224123989092591960,2298288720664953800,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6484 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ae7fbf62fc07f0bdb15169d2de3dc768
SHA19155eb973df31a7d6fb95f03058dd523171b4f0f
SHA256ecfebc84b01ed9071cc68bc2abc4eae4f891e1dea41a16ea6010f7acfd6cc624
SHA5121539bd6c522e56685399616d9811435ff0197c9471404361c53370a261feb180a38aaec9aacd38ff52c94b2cac2e4da19a3de50a9b6541f6f3fd0497bf15bcae
-
Filesize
152B
MD5a5e869975d65ad786022d6fc8b47b747
SHA114b030f53bc86bdbec766b2f3942804ca742043a
SHA256d5f8f63c67fd06a2ae7da80cbe8cc96bab5932087eb70432df9147ba818d758f
SHA512fd8d2b8ce13f4aca312f4856096edba99310a78a5f4c4148046a06e873a3d2514fd2dd9b4515fc89e83306d251929f2ef9c78863f85a3e017a3029dec63d98dc
-
Filesize
1KB
MD5f6226a37583d3dd96f0ab5328d34fbda
SHA185cadf5d1e4c070615740f3dfb9027d7d2a9a710
SHA25657743c161f177fc580ed10a45205fdb091a85a53b0eab2a72a5d38be879c11e3
SHA5128b88e324f5c98222a5cc9cd2812f83dd109171e31a076cd58486e3a564d03b39dfdf7aff94263ab545e3e03b40a45e68d9b55eb7e4094af56b129b5bb4613d8e
-
Filesize
240B
MD5fd99d07a079c9c49eae93048ef0049c6
SHA159de4a7293c25ae618e38bb27df632fed8c39551
SHA256a78d5fc7cd7d0a15c2a665acd4210bb96f7e5f5b1713b6f958e5bb806afa3d11
SHA51251556c78f91fc8d2a2db8fcd40d0c612bc7e3bf5e0a1944b0171ed436417a4624c500f61d1e1718d474efbf13098956b67d6b35c599f7cc4bda1dc0c270747bb
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5595450db3943ab106f12b49bbc4cd081
SHA17202b2609b6136f51f029cdecdf744e85c5190b8
SHA25615dc4ac1d435c18c4ab026a31c41298736ed325cd95a8b51b3ff2dd7e42b928f
SHA5128ef8bc92b063d025f48175729ffdfcb00d56c4497cc0b1076e26f77f806f84e13b358abb6f22b80ce47ae63f32334095d05ff182f7e39a4e164a229583783b01
-
Filesize
7KB
MD51c7d221b085b14a3d02ab85ee81eed1b
SHA1d23d612ffadf511ff0d0bc9dff81b32190255fb3
SHA256560a8570ba051986e9423f9b6285c85ad8456c19e06c74e398cdd4bfdf1e6a7d
SHA512242b0a23c351ed826280f9358d605d5ec9e156c850ba057cbefb6eac2868718b4988948ce791ff279c3190faa585ed8efbda0c8af5984822fd9031e775902bb6
-
Filesize
6KB
MD5aa259b37720f3f1dde1f889f7b9b1749
SHA14d27905cdb8c88977163db26600606494948c3c2
SHA25642f41162b7906abd73f8820dcfc770b7af57b2617b39ffb427550a848d13fceb
SHA5121cca7cd93bd97c6e28a41b019441d0604298efbd6adfee7c4ba53095145a0e50f8acc5c11be3e115076e9dc513c2a96cb91fc5839541894dd003868f2a3a1c5b
-
Filesize
6KB
MD59ff6a69bcc6ddf9b883c8b8bff0310de
SHA1dbef7c7d90c899be42d6fa1000b84159a86ce754
SHA2562605a16b8c1991c541517430329b9f5d581189cfe51dae223951e28caad8943c
SHA512fd8d8f56e71587ccf1698b02a9011bc5caee9b08f7f0c2820ec54255c2d150ac97788fd951b5b6d30303d4591a19d45b2802409175f9f77fb07d6a2cc746c6dd
-
Filesize
1KB
MD569bb7e5d023ec60425562e5ef5d154ab
SHA19bf8e450ac8f3e0661edd25ae0c1594163ef25f7
SHA25654545944b6b81fc49b5b5517738f1c6d0335adf226c08a85ca6adca6c4b5d1e2
SHA51254f560ccd1dab8cb78300bbc5dca4baf805ba31b6bd3f9d2d8ffb98b3544aaa4340ae369c36cd239163bd4447f6b00e5525c50ffb6f6cbc32fd4711d7b0c89c5
-
Filesize
2KB
MD581fa68d9fd3b60380e318765c85f3d81
SHA189b9cb4e5f4c3dc0e925e533cdf9284ca943e83b
SHA2567be7ea22e9b7a7ac45ff972430b3533858c295a2fc65f3ee09f2df545d906f33
SHA512987c80c11caa57dd6d2250a9b6de5c6024260fc010fdbfb52f000ad8c8967ee83a8bce793c6747204be378363b57bb634c007fcf1a6432abf25895a246721971
-
Filesize
2KB
MD58062e332fc47b0532ae596e42344bc79
SHA1992ba791b8db2a8bc6727fb9c6d46f5905f73f04
SHA256479434bb8f98af0053e9fc94ba493b61aaa1e5d3d7b90452363b15a7bc57c26b
SHA5128b219a15d7d19697be0f35de6311b5d7dd326aa1c9dc571c05190b1b900eedc28f2bd99b001a73f89eed9227cbbb3cdf120b7386d570098a89e2e6f9b8dcc396
-
Filesize
2KB
MD5fc2dc695645aa29ba479dafac85c13dc
SHA1e33d93ea59a0cbd0a608f7f2eba0d51a18dc17dc
SHA256060c317a411d197bb40538c62b8c248433971074740be9091f23f0f3dc2d3711
SHA5126a8ba890db0e69c182fc02e7a33e8a9ff974168cb1f6b946c70c0ceedcbc542510c70c9d89ff787140172a5864782d95ed65c9367ad1b1520c3c705c1f02630b
-
Filesize
698B
MD5eaae85e6970c3107f67db0ba43054624
SHA17cfa64027be3570a95da87f1d84e65a0e53c33e0
SHA2565d6fc431c4e5e4e0adc76f6276705eb91e3b996712a6ecb8c344be9cf68fd096
SHA51223363736c664ffae36d2e71aa7893263657e02184493d8d60cf31ad4e12d55d57a0bbb24738057e875de71e5c44b759853777a7b07a7c8eb2714fb43cdb1c320
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
11KB
MD5ecc006f357b354883c39b056fda82059
SHA1622c016a5d2bd7151263d1683a7e224c7b5e5334
SHA2561335255818b10de5fed7d26ba07b0b81dfa2bd585d09d87e4217f88a3007e555
SHA5122c5bffedfa2a09ec3a67bdc323505a33a822351cb456c1cfb86a88f06455e9a4cd63315f10cd3a3c6e7ee708225935cf3b3606b3c169a13a79d477e56925cb23
-
Filesize
12KB
MD536ac0021198b86e8cc1e74c59db2b564
SHA1d89c98566fc7c7d9021e2c4e2174ce8ddc4808fe
SHA2560b3bb6ee4472095b8be0ba9d726623c5d6e1536500fcdef120c797a71a786e26
SHA512ed6c0293b3501fac31715554f9580104e38e788bd2547af054bad508c1610d738ac7cdfabce75dc57601344bea3f57e6a38465a87942f1e9361e7b6bd2c4647f
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84